remove useless capabilities and use standard environment in systemd

yrutschle 2024-04-10 18:39:07 +02:00
parent a80d79fd40
commit fee8491a8e
2 changed files with 3 additions and 3 deletions


@ -3,12 +3,12 @@ Description=SSL/SSH multiplexer (select mode) for %I
After=network.target
[Service]
EnvironmentFile=/etc/conf.d/sslh
EnvironmentFile=/etc/default/sslh
ExecStart=/usr/sbin/sslh-select -F/etc/sslh/%I.cfg -f $DAEMON_OPTS
KillMode=process
#Hardening
PrivateTmp=true
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
SecureBits=noroot-locked
ProtectSystem=strict
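Review bot: The narrowed `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` line (taken to be the new one of the duplicated pair, going by the commit title) deserves a comment, because without CAP_SETUID and CAP_SETGID in the bounding set the daemon cannot change user or group on its own. An instance whose `/etc/sslh/%I.cfg` or `$DAEMON_OPTS` still requests a user switch would presumably fail or keep running under the unit's start-up identity, so the unprivileged account has to be set by systemd; no `User=` or `DynamicUser=` line is visible in this hunk, and the `[Service]` section continues past it. Suggested comment above the line: `# CAP_SETUID/CAP_SETGID dropped: set the service user with User=/DynamicUser=, not in the sslh config`.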


@ -3,7 +3,7 @@ Description=SSL/SSH multiplexer (fork mode) for %I
After=network.target
[Service]
EnvironmentFile=/etc/conf.d/sslh
EnvironmentFile=/etc/default/sslh
ExecStart=/usr/sbin/sslh -F/etc/sslh/%I.cfg -f $DAEMON_OPTS
KillMode=process
#Hardening
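Review bot: `EnvironmentFile=/etc/default/sslh` is written without the `-` prefix, so systemd will refuse to start the unit when that file is missing; the select-mode unit above carries the same line. Taking `/etc/default/sslh` as the new path (the title speaks of the standard environment), hosts that keep their options in `/etc/conf.d/sslh` lose `$DAEMON_OPTS` or fail to start after upgrading, and nothing in the unit says the path moved. If the file is meant to be optional, since the main configuration already comes from `-F/etc/sslh/%I.cfg`, use `EnvironmentFile=-/etc/default/sslh`; otherwise add a comment naming the required file. The `[Service]` section continues beyond the end of this hunk.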