| Willy Tu | 74a3a8a | 2021-02-10 09:52:53 -0800 | [diff] [blame] | 1 | [Unit] |
| 2 | Description=SSL/SSH multiplexer |
| 3 | Requires=sslh.socket |
| 4 | |
| 5 | [Service] |
| 6 | ExecStart=/usr/sbin/sslh -n -f --ssh [::1]:22 --http [::1]:80 --tls [::1]:443 |
| 7 | KillMode=process |
| 8 | #Hardening |
| 9 | PrivateTmp=true |
| 10 | ProtectSystem=strict |
| 11 | ProtectHome=true |
| 12 | ProtectKernelModules=true |
| 13 | ProtectKernelTunables=true |
| 14 | ProtectControlGroups=true |
| 15 | MountFlags=private |
| 16 | NoNewPrivileges=true |
| 17 | PrivateDevices=true |
| 18 | RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX |
| 19 | MemoryDenyWriteExecute=true |
| 20 | DynamicUser=true |