/lib/systemd/system/arpwatch@.service is in arpwatch 2.1a15-6.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | [Unit]
Description=arpwatch service on interface %I
Documentation=man:arpwatch(8)
PartOf=arpwatch.service
Wants=network-online.target
After=network-online.target
[Service]
PrivateTmp=true
Type=forking
Environment="RUNAS=root"
EnvironmentFile=/etc/default/arpwatch
EnvironmentFile=-/etc/arpwatch/%i.iface
ExecStartPre=/usr/bin/touch -a %i.dat
ExecStartPre=/bin/chown $RUNAS %i.dat
ExecStart=/usr/sbin/arpwatch -u $RUNAS -i %i -f %i.dat $ARGS $IFACE_ARGS -F ${PCAP_FILTER}
Restart=on-failure
ProtectSystem=yes
# CAP_NET_ADMIN, CAP_NET_RAW: grab the arp packages using libpcap
# CAP_SETGID, CAP_SETUID: allow arpwatch to drop privs
# CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FOWNER: needed for creating the .dat file
CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID
WorkingDirectory=/var/lib/arpwatch
[Install]
WantedBy=multi-user.target
|