28 lines
708 B
INI
28 lines
708 B
INI
# vim: set ft=systemd :
|
|
[Unit]
|
|
Description=BURP client
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=exec
|
|
ExecStart=/usr/sbin/burp -a t -Q
|
|
SuccessExitStatus=3
|
|
CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH
|
|
CapabilityBoundingSet=CAP_FOWNER CAP_LEASE CAP_SETGID CAP_SETUID
|
|
NoNewPrivileges=yes
|
|
PrivateDevices=yes
|
|
PrivateTmp=yes
|
|
ProcSubset=pid
|
|
ProtectClock=yes
|
|
ProtectControlGroups=yes
|
|
ProtectHostname=yes
|
|
ProtectKernelLogs=yes
|
|
ProtectKernelModules=yes
|
|
ProtectKernelTunables=yes
|
|
ProtectProc=noaccess
|
|
ProtectSystem=full
|
|
SystemCallArchitectures=native
|
|
SystemCallFilter=@system-service @privileged @mount
|
|
SystemCallFilter=~@clock @debug @module @reboot @swap
|