diff options
Diffstat (limited to 'meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service')
-rw-r--r-- | meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service new file mode 100644 index 000000000..b6bc04a4c --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service @@ -0,0 +1,20 @@ +[Unit] +Description=SSL/SSH multiplexer +Requires=sslh.socket + +[Service] +ExecStart=/usr/sbin/sslh -n -f --ssh [::1]:22 --http [::1]:80 --tls [::1]:443 +KillMode=process +#Hardening +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectControlGroups=true +MountFlags=private +NoNewPrivileges=true +PrivateDevices=true +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +MemoryDenyWriteExecute=true +DynamicUser=true |