feat: Universal Linux build + redesigned ostp-guard
- Build static musl binaries (work on any Linux distro) - Redesign ostp-guard with weighted scoring system (threshold: 4 points) - HIGH (2pts): Analysis tools (gdb/ida/ghidra), sandbox artifacts - MEDIUM (1pt): Low resources (<1GB RAM), suspicious env vars - Production VPS safe (1-2 points), sandbox blocked (4+ points) - Anti-debug: Windows (IsDebuggerPresent), Linux (/proc/self/status) - Deployment packages for Linux + Windows with SHA256 checksums
This commit is contained in:
23
dist/linux-amd64/ostp-server.service
vendored
Normal file
23
dist/linux-amd64/ostp-server.service
vendored
Normal file
@@ -0,0 +1,23 @@
|
||||
[Unit]
|
||||
Description=OSTP Stealth VPN Server
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=root
|
||||
WorkingDirectory=/etc/ostp
|
||||
ExecStart=/usr/local/bin/ostp-server -c /etc/ostp/server.json
|
||||
Restart=on-failure
|
||||
RestartSec=10s
|
||||
LimitNOFILE=65536
|
||||
|
||||
# Security hardening
|
||||
NoNewPrivileges=true
|
||||
PrivateTmp=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
ReadWritePaths=/etc/ostp
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user