gentoo auto-resync : 18:05:2024 - 00:01:41

author: V3n3RiX <venerix@koprulu.sector> 2024-05-18 00:01:42 +0100
committer: V3n3RiX <venerix@koprulu.sector> 2024-05-18 00:01:42 +0100
commit: 075fd1f8cabc5879c6eb42127fb84c3058677fde (patch)
tree: 8b761e85416656264e041b1954427a58894b3333 /net-misc/sslh/files
parent: 6c9dc10e04cd513437e046ccca0e51a3d6d4dc7c (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/net-misc/sslh/files/sslh.service b/net-misc/sslh/files/sslh.service
new file mode 100644
index 000000000000..9d58362220f0
--- /dev/null
+++ b/net-misc/sslh/files/sslh.service
@@ -0,0 +1,28 @@
+# /etc/systemd/system/sslh.service
+[Unit]
+Description=SSL/SSH multiplexer (fork mode) for %I
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/conf.d/sslh
+ExecStart=/usr/sbin/sslh -f $DAEMON_OPTS
+KillMode=process
+#Hardening
+PrivateTmp=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+SecureBits=noroot-locked
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+MountFlags=private
+NoNewPrivileges=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
author	V3n3RiX <venerix@koprulu.sector>	2024-05-18 00:01:42 +0100
committer	V3n3RiX <venerix@koprulu.sector>	2024-05-18 00:01:42 +0100
commit	075fd1f8cabc5879c6eb42127fb84c3058677fde (patch)
tree	8b761e85416656264e041b1954427a58894b3333 /net-misc/sslh/files
parent	6c9dc10e04cd513437e046ccca0e51a3d6d4dc7c (diff)