diff --git a/cntlm.changes b/cntlm.changes
index a657f21..425c6c5 100644
--- a/cntlm.changes
+++ b/cntlm.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Aug 27 08:31:55 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s). Modified:
+  * cntlm.service
+
 -------------------------------------------------------------------
 Thu Dec 19 15:36:35 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
 
diff --git a/cntlm.service b/cntlm.service
index 15951ba..e314a39 100644
--- a/cntlm.service
+++ b/cntlm.service
@@ -3,6 +3,19 @@ Description=CNTLM HTTP Accelerator For NTLM Secured Proxies Authenticator
 After=network.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=forking
 EnvironmentFile=-/etc/sysconfig/cntlmd
 ExecStart=/usr/sbin/cntlm -c /etc/cntlm.conf -U cntlm -P /run/cntlm/cntlmd.pid
diff --git a/cntlm.spec b/cntlm.spec
index 185beb1..9e86a7f 100644
--- a/cntlm.spec
+++ b/cntlm.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package cntlm
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 # Copyright (c) 2007 Scorpio IT, Deidesheim, Germany
 #
 # All modifications and additions to the file contributed by third parties