name : imunify-agent-proxy.service [Unit] Description=Imunify Agent HTTP Proxy After=network.target imunify-agent-proxy.socket Requires=imunify-agent-proxy.socket # Links lifecycle: stopping/restarting the socket also stops/restarts the service PartOf=imunify-agent-proxy.socket [Service] Type=notify ExecStart=/usr/bin/imunify-agent-proxy Restart=on-failure RestartSec=5 StandardOutput=journal StandardError=journal # Ensures the process is cleaned up even on older systemd versions KillMode=mixed NoNewPrivileges=true # Pure userspace HTTP-to-UNIX-socket proxy: no exec, no chown, no # setuid. Port 11234 is unprivileged, the listening socket is passed # in via systemd socket activation. CapabilityBoundingSet= ProtectSystem=full ProtectHome=yes PrivateTmp=yes RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 [Install] WantedBy=multi-user.target