sslh-select.service


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

[Unit]
Description=SSL/SSH multiplexer (select mode)
Conflicts=sslh-fork.service sslh-ev.service sslh.service sslh.socket
After=network.target

[Service]
ExecStart=/usr/bin/sslh-select --config /etc/sslh.cfg --foreground
KillMode=process
ProtectSystem=strict
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
PrivateTmp=true
PrivateDevices=true
SecureBits=noroot-locked
MountFlags=private
NoNewPrivileges=true
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE CAP_NET_RAW
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
MemoryDenyWriteExecute=true
User=sslh
DynamicUser=true

[Install]
WantedBy=multi-user.target