Dirk Mueller
65157cf44f
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/935000 OBS-URL: https://build.opensuse.org/package/show/server:mail/uucp?expand=0&rev=32
42 lines
1.4 KiB
Desktop File
42 lines
1.4 KiB
Desktop File
[Unit]
|
|
Description=SSL tunnel for UUCP
|
|
After=syslog.target network.target
|
|
# The config needs to be adjusted by the admin, see example file in /etc/uucp/
|
|
# Just an proposal without any without obligation, without any warranty, and
|
|
# at your own risk:
|
|
#
|
|
# Creation of /etc/uucp/stunnel.pem used in /etc/uucp/suucp-server.conf(.systemd)
|
|
# > umask 066
|
|
# > cp -p /etc/uucp/suucp-server.conf.example /etc/uucp/suucp-server.conf
|
|
# > openssl req -new -x509 -days 3650 -utf8 -nodes -keyout /etc/uucp/stunnel.pem -out /etc/uucp/stunnel.pem
|
|
# > dd if=/dev/urandom count=4 | openssl dhparam -rand - 1024 >> /etc/uucp/stunnel.pem
|
|
#
|
|
# Fingerprint and hash
|
|
# > openssl x509 -text -subject -dates -fingerprint -noout -in /etc/uucp/stunnel.pem
|
|
# > ln -sf stunnel.pem /etc/uucp/$(openssl x509 -hash -noout -in /etc/uucp/stunnel.pem).0
|
|
#
|
|
ConditionPathExists=/etc/uucp/suucp-server.conf
|
|
|
|
[Service]
|
|
# As long as forking is off in configuration of stunnel
|
|
Type=simple
|
|
ExecStart=/usr/sbin/stunnel /etc/uucp/suucp-server.conf
|
|
TimeoutSec=600
|
|
PrivateTmp=true
|
|
# added automatically, for details please see
|
|
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
ProtectSystem=full
|
|
ProtectHome=true
|
|
PrivateDevices=true
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
ProtectControlGroups=true
|
|
RestrictRealtime=true
|
|
# end of automatic additions
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|