Merge multiple sslh systemd unit configurations

yrutschle · Apr 10, 2024 · a80d79f · a80d79f
2 parents 1799a81 + 4b921be
commit a80d79f
Show file tree

Hide file tree

Showing 4 changed files with 280 additions and 85 deletions.
diff --git a/.gitignore b/.gitignore
@@ -7,6 +7,7 @@ libsslh.a
 sslh-fork
 sslh-select
 sslh-ev
+systemd-sslh-generator
 sslh.8.gz
 tags
 version.h
diff --git a/scripts/systemd.sslh-select@.service b/scripts/systemd.sslh-select@.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (select mode) for %I
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/conf.d/sslh
+ExecStart=/usr/sbin/sslh-select -F/etc/sslh/%I.cfg -f $DAEMON_OPTS
+KillMode=process
+#Hardening
+PrivateTmp=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+SecureBits=noroot-locked
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+MountFlags=private
+NoNewPrivileges=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/systemd.sslh.service → scripts/systemd.sslh@.service b/scripts/systemd.sslh.service → scripts/systemd.sslh@.service
@@ -1,10 +1,10 @@
 [Unit]
-Description=SSL/SSH multiplexer
+Description=SSL/SSH multiplexer (fork mode) for %I
 After=network.target
 
 [Service]
 EnvironmentFile=/etc/conf.d/sslh
-ExecStart=/usr/sbin/sslh --foreground $DAEMON_OPTS
+ExecStart=/usr/sbin/sslh -F/etc/sslh/%I.cfg -f $DAEMON_OPTS
 KillMode=process
 #Hardening
 PrivateTmp=true