Enzo Matsumiya
239d018a6e
* add requirement for 'awk' package * move some %post logic from audit to audit-rules - Update audit.spec: add requirement for 'awk' package (bsc#1231236) OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=159
21 lines
640 B
Diff
21 lines
640 B
Diff
Index: audit-3.1.1/init.d/auditd.service
|
|
===================================================================
|
|
--- audit-3.1.1.orig/init.d/auditd.service
|
|
+++ audit-3.1.1/init.d/auditd.service
|
|
@@ -39,6 +39,15 @@ LockPersonality=true
|
|
#ProtectControlGroups=true
|
|
ProtectKernelModules=true
|
|
RestrictRealtime=true
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+PrivateDevices=true
|
|
+ProtectHostname=true
|
|
+ProtectClock=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelLogs=true
|
|
+# end of automatic additions
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|