author | skydrome | 2017-09-23 15:36:29 -0400 |
---|---|---|
committer | skydrome | 2017-09-23 15:36:29 -0400 |
commit | d150032a3039f340a3bd7b2c43433374be27b0eb (patch) | |
tree | 7d4213a35a4c79a42ebbd5e96fb62d18257bec12 | |
parent | f9ea4cc1ba33df587edb3ea71f06f8a7ccd50e9e (diff) | |
download | aur-d150032a3039f340a3bd7b2c43433374be27b0eb.tar.gz |
0.3.2.1.alpha
add systemd hardening options
-rw-r--r-- | .SRCINFO | 10 | ||||
-rw-r--r-- | PKGBUILD | 10 | ||||
-rw-r--r-- | tor.service | 18 | ||||
-rw-r--r-- | torrc | 10 |
4 files changed, 28 insertions, 20 deletions
@@ -1,8 +1,6 @@ -# Generated by mksrcinfo v8 -# Sat May 27 00:20:37 UTC 2017 pkgbase = tor-git pkgdesc = An anonymizing overlay network (development version) - pkgver = 0.3.1.2.alpha.24949 + pkgver = 0.3.2.1.alpha.26280 pkgrel = 1 url = http://www.torproject.org install = tor.install @@ -11,11 +9,11 @@ pkgbase = tor-git arch = armv6h arch = armv7h license = BSD - makedepends = asciidoc depends = openssl>=1.0.2.a depends = ca-certificates depends = libevent depends = libseccomp + depends = asciidoc optdepends = torsocks: for torify support provides = tor conflicts = tor @@ -26,8 +24,8 @@ pkgbase = tor-git source = tor.tmpfiles source = tor.sysusers sha256sums = SKIP - sha256sums = aedb4bbdf18583a6eb74959a700805093bb515f7fed3fa80a607b06694255d17 - sha256sums = 5acd97eed1e4e175d5d547704a7d125009de6dc51d3c7163b7311e82fd34e9a2 + sha256sums = 9ff0e143b6c19b4cff74c085e498f8be65f6c40aa18618549ebf5a79e7478382 + sha256sums = c685edf59802b4ecd90d82a32ae58806c31f75d3e8de0d62cca4e9b16868729d sha256sums = 37ff22a2e6f3dab412f08b46b86dede063538f6a32039d58a90d1212f188b379 sha256sums = 4a27a177889c044ff4e3e1f6ab8bbb32211466d53d884974240dab67592343b2 @@ -4,14 +4,13 @@ pkgname=tor-git _branch=master #_branch=maint-0.2.6 -pkgver=0.3.1.2.alpha.24949 +pkgver=0.3.2.1.alpha.26280 pkgrel=1 pkgdesc="An anonymizing overlay network (development version)" arch=('i686' 'x86_64' 'armv6h' 'armv7h') url="http://www.torproject.org" license=('BSD') -depends=('openssl>=1.0.2.a' 'ca-certificates' 'libevent' 'libseccomp') -makedepends=('asciidoc') +depends=('openssl>=1.0.2.a' 'ca-certificates' 'libevent' 'libseccomp' 'asciidoc') optdepends=('torsocks: for torify support') conflicts=('tor') provides=('tor') 
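Review bot: Moving `asciidoc` out of `makedepends` and into `depends` in the PKGBUILD hunk makes a documentation build tool a runtime requirement of a network-facing daemon, so every host that installs the package also carries asciidoc and its own dependencies. Nothing visible in the hunk shows tor needing it at run time. If it is only used to build the man pages, keeping `makedepends=('asciidoc')` and leaving it out of `depends=(...)` keeps the installed footprint smaller. The matching `depends = asciidoc` line in the .SRCINFO hunk would follow once that file is regenerated.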
@@ -19,12 +18,13 @@ install='tor.install' backup=('etc/tor/torrc') source=("git+https://git.torproject.org/tor.git#branch=${_branch}" + #"git+https://github.com/torproject/tor.git#branch=${_branch}" 'torrc' 'tor.service' 'tor.tmpfiles' 'tor.sysusers') sha256sums=('SKIP' - 'aedb4bbdf18583a6eb74959a700805093bb515f7fed3fa80a607b06694255d17' - '5acd97eed1e4e175d5d547704a7d125009de6dc51d3c7163b7311e82fd34e9a2' + '9ff0e143b6c19b4cff74c085e498f8be65f6c40aa18618549ebf5a79e7478382' + 'c685edf59802b4ecd90d82a32ae58806c31f75d3e8de0d62cca4e9b16868729d' '37ff22a2e6f3dab412f08b46b86dede063538f6a32039d58a90d1212f188b379' '4a27a177889c044ff4e3e1f6ab8bbb32211466d53d884974240dab67592343b2') diff --git a/tor.service b/tor.service index b83b3da56400..cfde74de1d19 100644 --- a/tor.service +++ b/tor.service @@ -1,12 +1,24 @@ [Unit] -Description=Anonymizing overlay network -After=network.target +Description=Anonymizing overlay network for TCP +After=syslog.target network.target nss-lookup.target [Service] Type=forking ExecStart=/usr/bin/tor -f /etc/tor/torrc +ExecReload=/bin/kill -HUP $MAINPID KillSignal=SIGINT -LimitNOFILE=8196 +LimitNOFILE=32768 + +# Hardening +PrivateTmp=yes +PrivateDevices=yes +ProtectHome=yes +ProtectSystem=full +ReadOnlyDirectories=/ +ReadWriteDirectories=-/var/lib/tor +ReadWriteDirectories=-/var/log/tor +NoNewPrivileges=yes +CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE [Install] WantedBy=multi-user.target @@ -1,5 +1,3 @@ -## CONFIGURED FOR ARCHLINUX - ## Configuration file for a typical Tor user ## Last updated 22 September 2015 for Tor 0.2.7.3-alpha. ## (may or may not work for much older or much newer versions of Tor.) 
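Review bot: The commented-out GitHub mirror added inside `source=(...)` has no note that it is an alternative to the line above rather than an addition. `source` and `sha256sums` are matched by position, so enabling both URLs would shift every checksum after `'SKIP'` onto the wrong file. A one-line comment above it would prevent that, for example `# alternative mirror: swap with the URL above, never enable both (sha256sums are positional)`. The `source` array starts inside the hunk, but the PKGBUILD continues beyond it.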
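Review bot: In the tor.service hunk, `ReadOnlyDirectories=/` leaves only /var/lib/tor, /var/log/tor and the private /tmp writable, yet the unit stays `Type=forking` with no `PIDFile=` and no writable runtime directory. Any PidFile or control socket that torrc places elsewhere would therefore fail to be created; that part of torrc is not in this diff, so it needs checking against the shipped config and tor.tmpfiles. Without `PIDFile=`, the `$MAINPID` used by the added `ExecReload=` is whatever systemd guesses after the fork, so declaring `PIDFile=<pid file path from torrc>` together with `ReadWriteDirectories=-<runtime directory>` would make reload and the sandbox agree. The unit also has no `User=`, so tor presumably starts as root and drops privileges itself, and the bounding set omits `CAP_DAC_OVERRIDE` and `CAP_DAC_READ_SEARCH`. If /var/lib/tor is owned by a dedicated tor user with a restrictive mode, root may be unable to read it before the privilege drop, which is worth testing with a cold start against an existing data directory.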
@@ -14,11 +12,11 @@ ## Tor will look for this file in various places based on your platform: ## https://www.torproject.org/docs/faq#torrc -## Tor opens a socks proxy on port 9050 by default -- even if you don't -## configure one below. Set "SocksPort 0" if you plan to run Tor only +## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't +## configure one below. Set "SOCKSPort 0" if you plan to run Tor only ## as a relay, and not make any local application connections yourself. -SocksPort 127.0.0.1:9050 # Default: Bind to localhost:9050 for local connections. -#SocksPort 192.168.0.1:9100 # Bind to this address:port too. +SOCKSPort 127.0.0.1:9050 # Default: Bind to localhost:9050 for local connections. +#SOCKSPort 192.168.0.1:9100 # Bind to this address:port too. ## Entry policies to allow/deny SOCKS requests based on IP address. ## First entry that matches wins. If no SOCKSPolicy is set, we accept |