mirror of
https://git.sr.ht/~hamburghammer/sshlog
synced 2024-12-23 13:37:41 +01:00
Compare commits
4 commits
4fea62262f
...
b345d17602
Author | SHA1 | Date | |
---|---|---|---|
b345d17602 | |||
abdaa65cfa | |||
c4f38cd7e1 | |||
279b3fa159 |
3 changed files with 60 additions and 0 deletions
|
@ -41,3 +41,7 @@ FLAGS:
|
||||||
-4, --onlyIPv4 Only listens on IPv4.
|
-4, --onlyIPv4 Only listens on IPv4.
|
||||||
-p, --port string Port to listen for incoming connections. (default "22"))
|
-p, --port string Port to listen for incoming connections. (default "22"))
|
||||||
```
|
```
|
||||||
|
|
||||||
|
# Utils
|
||||||
|
Inside the `util` directory you might find some additional information like how to create Systemd service for sshlog.
|
||||||
|
|
||||||
|
|
15
util/README.md
Normal file
15
util/README.md
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# Utility
|
||||||
|
A collection of scripts and useful configurations.
|
||||||
|
|
||||||
|
## Systemd
|
||||||
|
You can use the example `sshlog.service` to run `sshlog` as a service under Systemd.
|
||||||
|
|
||||||
|
Copy the `sshlog.service` into `/etc/systemd/system/sshlog.service` and change the `ExecStart` value to point to the `sshlog` executable.
|
||||||
|
If you installed it with `go install` it will be propably located inside your `$GOPATH/bin` directory. Use the full path as
|
||||||
|
value for the `ExecStart` parameter. This is also the location if you wannt to give it some arguments like `-p 2222` for the listening port.
|
||||||
|
|
||||||
|
After saving the configuration under `/etc/systemd/system/sshlog.service` it can be started with `systemctl start sshlog.service` and
|
||||||
|
enabled to run on system boot with `systemctl enable sshlog.service`
|
||||||
|
|
||||||
|
While running it with Systemd all logs can be accesst with `journalctl -u sshlog.service`.
|
||||||
|
|
41
util/sshlog.service
Normal file
41
util/sshlog.service
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
[Unit]
|
||||||
|
Description=SSH Auth Logging
|
||||||
|
Requires=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
Restart=always
|
||||||
|
RestartSec=30sec
|
||||||
|
# Path to the executable
|
||||||
|
ExecStart=/home/user/go/bin/sshlog -p 2222
|
||||||
|
KillSignal=SIGTERM
|
||||||
|
|
||||||
|
# Stop trying to restart the service if it restarts too many times in a row
|
||||||
|
StartLimitInterval=5min
|
||||||
|
StartLimitBurst=4
|
||||||
|
|
||||||
|
StandardOutput=journal
|
||||||
|
StandardError=journal
|
||||||
|
StandardInput=null
|
||||||
|
|
||||||
|
DynamicUser=yes
|
||||||
|
|
||||||
|
PrivateTmp=true
|
||||||
|
PrivateDevices=true
|
||||||
|
PrivateMounts=true
|
||||||
|
ProtectSystem=full
|
||||||
|
#ProtectHome=true
|
||||||
|
RestrictNamespaces=true
|
||||||
|
InaccessiblePaths=/run /var /etc
|
||||||
|
|
||||||
|
PrivateUsers=true
|
||||||
|
|
||||||
|
NoNewPrivileges=true
|
||||||
|
ProtectKernelTunables=true
|
||||||
|
ProtectKernelModules=true
|
||||||
|
ProtectKernelLogs=true
|
||||||
|
ProtectControlGroups=true
|
||||||
|
MemoryDenyWriteExecute=true
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
Loading…
Reference in a new issue