mirror of
https://git.sr.ht/~hamburghammer/sshlog
synced 2025-01-03 18:57:40 +01:00
Augusto Dwenger J
279b3fa159
I am not an expert in systemd service creation/configuration. I just took an example file from the internet and modified it slightly to match my setup. When scanned with `systemd-analyze` with a focus on security, this configuration gets a mixed result. I am sure it can be optimized to have far fewer capabilities, but for the time being I don't know how. Refs: - https://medium.com/@benmorel/creating-a-linux-service-with-systemd-611b5c8b91d6 - https://www.redhat.com/sysadmin/systemd-secure-services
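[Unit]
Description=SSH Auth Logging
# Requires= only pulls the target in; it does not order this unit after it.
# After= makes the service wait until network-online.target has been reached.
Requires=network-online.target
After=network-online.target
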
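[Service]
# Long-running foreground process started directly by systemd.
Type=simple
# Always bring the service back, waiting 30 s between attempts.
Restart=always
RestartSec=30sec
# Path to the executable
# NOTE(review): the binary lives in a user's home directory, so whoever can
# write to that directory decides what this unit executes. Installing it
# root-owned outside /home (and pointing ExecStart= there) would also allow
# ProtectHome=true below.
ExecStart=/home/user/go/bin/sshlog -p 2222
KillSignal=SIGTERM

# Stop trying to restart the service if it restarts too many times in a row
# (legacy spelling, still accepted in [Service]; current systemd documents
# StartLimitIntervalSec= and StartLimitBurst= under [Unit]).
StartLimitInterval=5min
StartLimitBurst=4

# Log through the journal only; the service never reads from stdin.
StandardOutput=journal
StandardError=journal
StandardInput=null

# Run as a transient unprivileged user that exists only while the unit runs.
# DynamicUser= also implies PrivateTmp=, RemoveIPC=, NoNewPrivileges=,
# RestrictSUIDSGID=, ProtectSystem=strict and ProtectHome=read-only.
DynamicUser=yes

# File system sandbox.
PrivateTmp=true
PrivateDevices=true
PrivateMounts=true
# Was "full"; DynamicUser=yes already enforces "strict", so state the level
# that is actually in effect.
ProtectSystem=strict
# Left disabled because ExecStart= points into /home; "true" would hide the
# binary from the service. DynamicUser=yes still makes /home read-only.
#ProtectHome=true
RestrictNamespaces=true
# NOTE(review): stdout/stderr are connected to the journal by systemd, so
# hiding /run should not affect logging; confirm the binary reads nothing
# from /etc (resolver or TLS configuration, for example).
InaccessiblePaths=/run /var /etc

# Own user namespace: the process holds no capabilities on the host.
PrivateUsers=true

# Capabilities. Presumably "-p 2222" is the listening port; a port above 1023
# needs no CAP_NET_BIND_SERVICE, so the service can run with none at all.
CapabilityBoundingSet=
AmbientCapabilities=

# Network: IPv4/IPv6 sockets only.
# NOTE(review): add AF_UNIX here if the binary turns out to use local sockets.
RestrictAddressFamilies=AF_INET AF_INET6

# System call surface: the common service allow-list, native ABI only.
SystemCallFilter=@system-service
SystemCallArchitectures=native

# Privilege escalation and kernel interfaces.
NoNewPrivileges=true
RestrictSUIDSGID=true
RestrictRealtime=true
LockPersonality=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectClock=true
ProtectHostname=true
# Refuse memory mappings that are writable and executable at the same time.
MemoryDenyWriteExecute=true
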
[Install]
# Enabling the unit hooks it into the normal multi-user boot target.
WantedBy=multi-user.target