diff options
Diffstat (limited to 'net-misc/sslh/files')
| -rw-r--r-- | net-misc/sslh/files/sslh.service | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/net-misc/sslh/files/sslh.service b/net-misc/sslh/files/sslh.service new file mode 100644 index 000000000000..9d58362220f0 --- /dev/null +++ b/net-misc/sslh/files/sslh.service @@ -0,0 +1,28 @@ +# /etc/systemd/system/sslh.service +[Unit] +Description=SSL/SSH multiplexer (fork mode) for %I +After=network.target + +[Service] +EnvironmentFile=/etc/conf.d/sslh +ExecStart=/usr/sbin/sslh -f $DAEMON_OPTS +KillMode=process +#Hardening +PrivateTmp=true +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_BIND_SERVICE +SecureBits=noroot-locked +ProtectSystem=strict +ProtectHome=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectControlGroups=true +MountFlags=private +NoNewPrivileges=true +PrivateDevices=true +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +MemoryDenyWriteExecute=true +DynamicUser=true + +[Install] +WantedBy=multi-user.target |