hamburghammer-mirrors/sshlog
1
0
Fork 0
mirror of https://git.sr.ht/~hamburghammer/sshlog synced 2025-01-06 12:17:41 +01:00
Code Issues Projects Releases Wiki Activity
sshlog/util/sshlog.service

42 lines
769 B
SYSTEMD
Raw Permalink Normal View History

Add sshlog.service configuration I am not an expert in systemd service creation/configuration. I just took an example file from the internet and modified it slightly to match my setup. This configuration gets using the `systemd-analyze` a mixed result while scanning it with the focus on security. I am sure it can be optimize to have a lot less capabilities but for the time I don't know how. Refs: - https://medium.com/@benmorel/creating-a-linux-service-with-systemd-611b5c8b91d6 - https://www.redhat.com/sysadmin/systemd-secure-services
2021-06-17 23:14:00 +02:00
[Unit]
Description=SSH Auth Logging
Requires=network-online.target
[Service]
Type=simple
Restart=always
RestartSec=30sec
# Path to the executable
ExecStart=/home/user/go/bin/sshlog -p 2222
KillSignal=SIGTERM
# Stop trying to restart the service if it restarts too many times in a row
StartLimitInterval=5min
StartLimitBurst=4
StandardOutput=journal
StandardError=journal
StandardInput=null
DynamicUser=yes
PrivateTmp=true
PrivateDevices=true
PrivateMounts=true
ProtectSystem=full
#ProtectHome=true
RestrictNamespaces=true
InaccessiblePaths=/run /var /etc
PrivateUsers=true
NoNewPrivileges=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
Reference in a new issue Copy permalink