aperturessh/util/endlessh.service

[Unit]
Description=Endlessh SSH Tarpit
Documentation=man:endlessh(1)
Requires=network-online.target

[Service]
Type=simple
Restart=always
RestartSec=30sec
ExecStart=/usr/local/bin/endlessh
KillSignal=SIGTERM

# Stop trying to restart the service if it restarts too many times in a row
StartLimitInterval=5min
StartLimitBurst=4

StandardOutput=journal
StandardError=journal
StandardInput=null

PrivateTmp=true
PrivateDevices=true
ProtectSystem=full
ProtectHome=true
InaccessiblePaths=/run /var

## If you want Endlessh to bind on ports < 1024
## 1) run: 
##     setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
## 2) uncomment following line
#AmbientCapabilities=CAP_NET_BIND_SERVICE
## 3) comment following line
PrivateUsers=true

NoNewPrivileges=true
ConfigurationDirectory=endlessh
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target
Initial commit 2.0 - including earlier mod to add live stat tracking 1 year ago			`[Unit]`
			`Description=Endlessh SSH Tarpit`
			`Documentation=man:endlessh(1)`
			`Requires=network-online.target`

			`[Service]`
			`Type=simple`
			`Restart=always`
			`RestartSec=30sec`
			`ExecStart=/usr/local/bin/endlessh`
			`KillSignal=SIGTERM`

			`# Stop trying to restart the service if it restarts too many times in a row`
			`StartLimitInterval=5min`
			`StartLimitBurst=4`

			`StandardOutput=journal`
			`StandardError=journal`
			`StandardInput=null`

			`PrivateTmp=true`
			`PrivateDevices=true`
			`ProtectSystem=full`
			`ProtectHome=true`
			`InaccessiblePaths=/run /var`

			`## If you want Endlessh to bind on ports < 1024`
			`## 1) run:`
			`## setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh`
			`## 2) uncomment following line`
			`#AmbientCapabilities=CAP_NET_BIND_SERVICE`
			`## 3) comment following line`
			`PrivateUsers=true`

			`NoNewPrivileges=true`
			`ConfigurationDirectory=endlessh`
			`ProtectKernelTunables=true`
			`ProtectKernelModules=true`
			`ProtectControlGroups=true`
			`MemoryDenyWriteExecute=true`

			`[Install]`
			`WantedBy=multi-user.target`