| Willy Tu | 74a3a8a | 2021-02-10 09:52:53 -0800 | [diff] [blame] | 1 | [Unit] |
| 2 | Description=SSL/SSH multiplexer |
| William A. Kennington III | 01395f8 | 2021-02-18 13:30:46 -0800 | [diff] [blame] | 3 | Requires=gbmc-ncsi-sslh.socket |
| 4 | After=gbmc-ncsi-sslh.socket |
| Willy Tu | 74a3a8a | 2021-02-10 09:52:53 -0800 | [diff] [blame] | 5 | |
| 6 | [Service] |
| 7 | ExecStart=/usr/sbin/sslh -n -f --ssh [::1]:22 --http [::1]:80 --tls [::1]:443 |
| 8 | KillMode=process |
| 9 | #Hardening |
| 10 | PrivateTmp=true |
| 11 | ProtectSystem=strict |
| 12 | ProtectHome=true |
| 13 | ProtectKernelModules=true |
| 14 | ProtectKernelTunables=true |
| 15 | ProtectControlGroups=true |
| 16 | MountFlags=private |
| 17 | NoNewPrivileges=true |
| 18 | PrivateDevices=true |
| 19 | RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX |
| 20 | MemoryDenyWriteExecute=true |
| 21 | DynamicUser=true |