remove useless capabilities and use standard environment in systemd

yrutschle · Apr 10, 2024 · fee8491 · fee8491
1 parent a80d79f
commit fee8491
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/scripts/[email protected] b/scripts/[email protected]
@@ -3,12 +3,12 @@ Description=SSL/SSH multiplexer (select mode) for %I
 After=network.target
 
 [Service]
-EnvironmentFile=/etc/conf.d/sslh
+EnvironmentFile=/etc/default/sslh
 ExecStart=/usr/sbin/sslh-select -F/etc/sslh/%I.cfg -f $DAEMON_OPTS
 KillMode=process
 #Hardening
 PrivateTmp=true
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 SecureBits=noroot-locked
 ProtectSystem=strict

diff --git a/scripts/[email protected] b/scripts/[email protected]
@@ -3,7 +3,7 @@ Description=SSL/SSH multiplexer (fork mode) for %I
 After=network.target
 
 [Service]
-EnvironmentFile=/etc/conf.d/sslh
+EnvironmentFile=/etc/default/sslh
 ExecStart=/usr/sbin/sslh -F/etc/sslh/%I.cfg -f $DAEMON_OPTS
 KillMode=process
 #Hardening