mirror of
https://github.com/yrutschle/sslh.git
synced 2025-04-12 15:17:14 +03:00
28 lines
646 B
Desktop File
28 lines
646 B
Desktop File
[Unit]
|
|
Description=SSL/SSH multiplexer (fork mode) for %I
|
|
After=network.target
|
|
|
|
[Service]
|
|
EnvironmentFile=/etc/default/sslh
|
|
ExecStart=/usr/sbin/sslh -F/etc/sslh/%I.cfg -f $DAEMON_OPTS
|
|
KillMode=process
|
|
#Hardening
|
|
PrivateTmp=true
|
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
SecureBits=noroot-locked
|
|
ProtectSystem=strict
|
|
ProtectHome=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelTunables=true
|
|
ProtectControlGroups=true
|
|
MountFlags=private
|
|
NoNewPrivileges=true
|
|
PrivateDevices=true
|
|
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
|
MemoryDenyWriteExecute=true
|
|
DynamicUser=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|