forked from extern/endlessh
Systemd service
Assuming an /opt/ install. For those unfamiliar, plop it into /etc/systemd/system (symlinks might not work, old systemd bug), run `systemctl daemon-reload`, and have it start on boot (and immediately) with `systemctl enable --now endlessh.service`
This commit is contained in:
Will Starms
Will Starms
parent
ae76b41294
commit
922af308f2
29
util/endlessh.service
Normal file
29
util/endlessh.service
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Endlessh SSH Tarpit
|
||||||
|
Requires=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
Restart=always
|
||||||
|
RestartSec=30sec
|
||||||
|
ExecStart=/opt/endlessh/endlessh
|
||||||
|
KillSignal=SIGTERM
|
||||||
|
|
||||||
|
StandardOutput=journal
|
||||||
|
StandardError=journal
|
||||||
|
StandardInput=null
|
||||||
|
|
||||||
|
PrivateTmp=true
|
||||||
|
PrivateDevices=true
|
||||||
|
ProtectSystem=full
|
||||||
|
ProtectHome=true
|
||||||
|
NoNewPrivileges=true
|
||||||
|
ConfigurationDirectory=/etc/endlessh
|
||||||
|
PrivateUsers=true
|
||||||
|
ProtectKernelTunables=true
|
||||||
|
ProtectKernelModules=true
|
||||||
|
ProtectControlGroups=true
|
||||||
|
MemoryDenyWriteExecute=true
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
Loading…
Reference in New Issue
Block a user