meta-google: recipes-google: networking: gbmc-sslh: Import from gBMC Initial recipes-google/networking gbmc-sslh code from gBMC. Google-Bug-Id: 179617830 Upstream: 8ac594bdf054082ca6dbe35c4345759fe4c31669 Change-Id: I9d7cdcad8a816dd878cdbb2e30272ac7f223d49e Signed-off-by: Willy Tu <wltu@google.com>

commit: 74a3a8aef4287dddc77c11d70c0c19401c461991 [log] [tgz]
author: Willy Tu <wltu@google.com> Wed Feb 10 09:52:53 2021 -0800
committer: William A. Kennington III <wak@google.com> Tue Feb 16 20:37:24 2021 +0000
tree: 27fbc2163a5053567a02a779fe153d12a2f13950
parent: 72a9b771c6f66dfde3906b783dec28326a671bc7 [diff] [blame]
diff --git a/meta-google/recipes-google/networking/files/sslh.service b/meta-google/recipes-google/networking/files/sslh.service
new file mode 100644
index 0000000..b6bc04a
--- /dev/null
+++ b/meta-google/recipes-google/networking/files/sslh.service

@@ -0,0 +1,20 @@
+[Unit]
+Description=SSL/SSH multiplexer
+Requires=sslh.socket
+
+[Service]
+ExecStart=/usr/sbin/sslh -n -f --ssh [::1]:22 --http [::1]:80 --tls [::1]:443
+KillMode=process
+#Hardening
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+MountFlags=private
+NoNewPrivileges=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+DynamicUser=true
commit	74a3a8aef4287dddc77c11d70c0c19401c461991	[log] [tgz]
author	Willy Tu <wltu@google.com>	Wed Feb 10 09:52:53 2021 -0800
committer	William A. Kennington III <wak@google.com>	Tue Feb 16 20:37:24 2021 +0000
tree	27fbc2163a5053567a02a779fe153d12a2f13950
parent	72a9b771c6f66dfde3906b783dec28326a671bc7 [diff] [blame]