whois42d/whois42d.service

40 lines
908 B
SYSTEMD

##########################################################################
# whois42d example service file
##########################################################################
[Unit]
Description=Whois dn42 daemon
After=network.target
[Install]
WantedBy=multi-user.target
[Service]
# running as an unprivileged user requires the whois42d binary
# to be installed with additional capabilities for port 43 binding
#
# setcap 'cap_net_bind_service=+ep' ./whois42d
#
User=whoisd
Group=whoisd
Type=simple
Restart=on-failure
# service hardening
ProtectSystem=strict
ReadOnlyPaths=/home/whoisd/registry
NoNewPrivileges=yes
ProtectControlGroups=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
MemoryDenyWriteExecute=yes
# exec func
ExecStart=/usr/local/bin/whois42d \
-registry /home/whoisd/registry
##########################################################################
# end of file