diff --git a/varnish.changes b/varnish.changes
index 7eae464..6f83ad3 100644
--- a/varnish.changes
+++ b/varnish.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Dec 1 10:27:19 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+ * varnish.service
+ * varnishlog.service
+
 -------------------------------------------------------------------
 Fri Aug 6 10:02:27 UTC 2021 - Jan Engelhardt
 
diff --git a/varnish.service b/varnish.service
index 8a4938a..2d82d08 100644
--- a/varnish.service
+++ b/varnish.service
@@ -3,6 +3,19 @@ Description=Varnish HTTP accelerator/reverse proxy
 After=network.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 EnvironmentFile=/etc/sysconfig/varnish
 PIDFile=/var/run/varnishd.pid
 ExecStart=/usr/sbin/varnishd -P /var/run/varnishd.pid -F $VARNISHD_PARAMS
diff --git a/varnishlog.service b/varnishlog.service
index e7b236b..3bbcf00 100644
--- a/varnishlog.service
+++ b/varnishlog.service
@@ -4,6 +4,19 @@ Requires=varnish.service
 #After= is not required
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 EnvironmentFile=/etc/sysconfig/varnish
 PIDFile=/var/run/varnishlog.pid
 ExecStart=/usr/sbin/varnishncsa -P /var/run/varnishlog.pid $VARNISHLOG_PARAMS
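Review bot: `NoNewPrivileges=` and `PrivateTmp=` are missing from the hardening block added under [Service] in varnish.service, and `ProtectSystem=full` still leaves /var and /tmp writable, so the block narrows the filesystem and kernel view without limiting what a compromised varnishd can gain or share through /tmp. No `User=` line is visible in the hunk, so the daemon presumably starts as root, although the [Service] section may continue past the end of the hunk. I would add `PrivateTmp=true` and `NoNewPrivileges=true` inside the marked block once a start with the packaged configuration has been tested. The identical block is added to varnishlog.service, so the same applies there.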
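Review bot: varnishlog.service receives the same generic template as the proxy unit, although its `ExecStart=` only runs varnishncsa, a log reader and writer that could be confined further than a network-facing daemon. If varnishncsa opens no network sockets of its own, which should be confirmed against the options passed in `$VARNISHLOG_PARAMS`, `PrivateNetwork=true` or at least `RestrictAddressFamilies=AF_UNIX` would fit inside the marked block. A short comment there stating that the log destination in `$VARNISHLOG_PARAMS` must stay outside /usr, /etc and /home would also save administrators a debugging session after the update, since `ProtectSystem=full` and `ProtectHome=true` now apply to it.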