diff --git a/avahi-daemon-check-dns.sh b/avahi-daemon-check-dns.sh
index c3f71bd..bdd5816 100644
--- a/avahi-daemon-check-dns.sh
+++ b/avahi-daemon-check-dns.sh
@@ -43,7 +43,7 @@ dns_reachable() {
 # If there is no local nameserver and no we have no global ip addresses
 # then we can't reach any nameservers
- if ! $(grep -E -q "nameserver 127.0.0.1|::1" /etc/resolv.conf); then
+ if ! $(egrep -q "nameserver 127.0.0.1|::1" /etc/resolv.conf); then
 if [ -x "$(which ip)" ]; then
 ADDRS=$(ip addr show scope global | grep inet)
 ROUTES=$(ip route show 0.0.0.0/0)
@@ -51,7 +51,7 @@ dns_reachable() {
 # Get addresses of all running interfaces
 ADDRS=$(LC_ALL=C ifconfig | grep ' addr:')
 # Filter out all local addresses
- ADDRS=$(echo "${ADDRS}" | grep -E -v ':127|Scope:Host|Scope:Link')
+ ADDRS=$(echo "${ADDRS}" | egrep -v ':127|Scope:Host|Scope:Link')
 # Check we have a default route
 ROUTES=$(route -n | grep '^0.0.0.0 ')
 fi
@@ -76,7 +76,7 @@ dns_has_local() {
 # Use timeout when calling host as workaround for LP: #1752411
 OUT=`LC_ALL=C timeout 5 host -t soa local. 2>&1`
 if [ $? -eq 0 ] ; then
- if echo "$OUT" | grep -E -vq 'has no|not found'; then
+ if echo "$OUT" | egrep -vq 'has no|not found'; then
 return 0
 fi
 else
diff --git a/avahi.changes b/avahi.changes
index 36ee7a9..1086d99 100644
--- a/avahi.changes
+++ b/avahi.changes
@@ -1,8 +1,9 @@
 -------------------------------------------------------------------
-Sun Sep 4 12:19:08 UTC 2022 - Andreas Stieger
+Wed Jul 20 09:14:05 UTC 2022 - Johannes Segitz
-- avahi-daemon-check-dns.sh: convert obsolete egrep call to grep -E
- (boo#1203092)
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+ * harden_avahi-daemon.service.patch
+ * harden_avahi-dnsconfd.service.patch
 -------------------------------------------------------------------
 Sat Jul 9 12:30:21 UTC 2022 - Callum Farmer
diff --git a/avahi.spec b/avahi.spec
index 3c5d19e..43c33c8 100644
--- a/avahi.spec
+++ b/avahi.spec
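Review bot: The pattern on the new line `if ! $(egrep -q "nameserver 127.0.0.1|::1" /etc/resolv.conf); then` is unanchored and its alternation splits into `nameserver 127.0.0.1` or a bare `::1`, so a commented-out entry or a global IPv6 resolver whose address ends in `::1` is counted as a local nameserver and the reachability test that follows is skipped. Anchoring it, e.g. `if ! grep -E -q '^nameserver[[:space:]]+(127\.0\.0\.1|::1)[[:space:]]*$' /etc/resolv.conf; then`, keeps the apparent intent and drops the `$( )` wrapped around a command that is run only for its exit status. All three hunks (this one, the `ADDRS` filter, and the `host` output check in dns_has_local) also go back to `egrep`, which the removed changelog entry itself calls obsolete and which recent GNU grep reports with a warning on stderr; `grep -E` is the portable spelling. Both functions continue outside these hunks.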
@@ -105,6 +105,8 @@ Patch25: 0006-man-add-missing-bshell.1-symlink.patch
 Patch26: 0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch
 # PATCH-FIX-UPSTREAM 0009-fix-bytestring-decoding-for-proper-display.patch mgorse@suse.com -- fix bytestring decoding for proper display.
 Patch27: 0009-fix-bytestring-decoding-for-proper-display.patch
+Patch28: harden_avahi-daemon.service.patch
+Patch29: harden_avahi-dnsconfd.service.patch
 BuildRequires: fdupes
 BuildRequires: gcc-c++
 BuildRequires: gdbm-devel
@@ -512,6 +514,8 @@ cp -a %{SOURCE12} service-type-database/build-db
 %patch25 -p1
 %patch26 -p1
 %patch27 -p1
+%patch28 -p1
+%patch29 -p1
 %if !%{build_core}
 # Replace all .la references from local .la files to installed versions
diff --git a/harden_avahi-daemon.service.patch b/harden_avahi-daemon.service.patch
new file mode 100644
index 0000000..6719ed9
--- /dev/null
+++ b/harden_avahi-daemon.service.patch
@@ -0,0 +1,24 @@
+Index: avahi-0.8/avahi-daemon/avahi-daemon.service.in
+===================================================================
+--- avahi-0.8.orig/avahi-daemon/avahi-daemon.service.in
++++ avahi-0.8/avahi-daemon/avahi-daemon.service.in
+@@ -20,6 +20,19 @@ Description=Avahi mDNS/DNS-SD Stack
+ Requires=avahi-daemon.socket
+
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=true
++PrivateDevices=true
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions
+ Type=dbus
+ BusName=org.freedesktop.Avahi
+ ExecStart=@sbindir@/avahi-daemon -s
diff --git a/harden_avahi-dnsconfd.service.patch b/harden_avahi-dnsconfd.service.patch
new file mode 100644
index 0000000..07a4593
--- /dev/null
+++ b/harden_avahi-dnsconfd.service.patch
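Review bot: The [Service] block added by harden_avahi-daemon.service.patch confines filesystem and kernel interfaces but leaves open the parts of the sandbox that matter most for a daemon parsing multicast packets from the local network: privilege gain, address families and capabilities. Consider adding, after testing against the daemon's own chroot and privilege drop, `NoNewPrivileges=true` and `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK`; `systemd-analyze security avahi-daemon.service` shows what remains exposed. `ProtectHostname=true` also puts the service in its own UTS namespace, so a host name changed after start-up is not seen by the daemon until it is restarted, which is worth confirming for a service that publishes that name.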
@@ -0,0 +1,24 @@
+Index: avahi-0.8/avahi-dnsconfd/avahi-dnsconfd.service.in
+===================================================================
+--- avahi-0.8.orig/avahi-dnsconfd/avahi-dnsconfd.service.in
++++ avahi-0.8/avahi-dnsconfd/avahi-dnsconfd.service.in
+@@ -21,6 +21,19 @@ Requires=avahi-daemon.socket avahi-daemo
+ After=avahi-daemon.socket
+
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=true
++PrivateDevices=true
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions
+ Type=simple
+ ExecStart=@sbindir@/avahi-dnsconfd -s
+
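Review bot: `ProtectSystem=full` in this unit makes /etc read-only for avahi-dnsconfd and for everything it spawns, and this service exists to apply DNS servers learned over mDNS to the resolver configuration through its action script. If that script, or a helper it invokes, writes under /etc (for example /etc/resolv.conf), each update will fail with a read-only file system error; the script is not visible in this diff, so this needs a check against the packaged one. If it does write there, use `ProtectSystem=true` for this unit or add a `ReadWritePaths=` entry for the paths the script touches. The other directives match the set in harden_avahi-daemon.service.patch.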