pool/bitcoin
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6cfd88aaf9
bitcoin/harden_bitcoind.service.patch

22 lines
823 B
Diff
Raw Normal View History

Accepting request 914548 from home:jsegitz:branches:systemdhardening:network:cryptocurrencies - Added hardening to systemd service(s). Added patch(es): * harden_bitcoind.service.patch Modified: * bitcoind.service OBS-URL: https://build.opensuse.org/request/show/914548 OBS-URL: https://build.opensuse.org/package/show/network:cryptocurrencies/bitcoin?expand=0&rev=42
2021-08-27 17:22:13 +02:00
Index: bitcoin-0.21.1/contrib/init/bitcoind.service
===================================================================
--- bitcoin-0.21.1.orig/contrib/init/bitcoind.service
+++ bitcoin-0.21.1/contrib/init/bitcoind.service
@@ -69,6 +69,16 @@ NoNewPrivileges=true
# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true
Reference in New Issue Copy Permalink