From f87ec261744f8778fdd9b7005331a300aac54c368431a059925476a19dbdc3f7 Mon Sep 17 00:00:00 2001
From: Martin Pluskal <mpluskal@suse.com>
Date: Fri, 27 Aug 2021 15:21:45 +0000
Subject: [PATCH] Accepting request 914621 from
 home:jsegitz:branches:systemdhardening:server:proxy

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/914621
OBS-URL: https://build.opensuse.org/package/show/server:proxy/cntlm?expand=0&rev=41
---
 cntlm.changes |  6 ++++++
 cntlm.service | 13 +++++++++++++
 cntlm.spec    |  2 +-
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/cntlm.changes b/cntlm.changes
index a657f21..425c6c5 100644
--- a/cntlm.changes
+++ b/cntlm.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Aug 27 08:31:55 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s). Modified:
+  * cntlm.service
+
 -------------------------------------------------------------------
 Thu Dec 19 15:36:35 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
 
diff --git a/cntlm.service b/cntlm.service
index 15951ba..e314a39 100644
--- a/cntlm.service
+++ b/cntlm.service
@@ -3,6 +3,19 @@ Description=CNTLM HTTP Accelerator For NTLM Secured Proxies Authenticator
 After=network.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=forking
 EnvironmentFile=-/etc/sysconfig/cntlmd
 ExecStart=/usr/sbin/cntlm -c /etc/cntlm.conf -U cntlm -P /run/cntlm/cntlmd.pid
diff --git a/cntlm.spec b/cntlm.spec
index 185beb1..9e86a7f 100644
--- a/cntlm.spec
+++ b/cntlm.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package cntlm
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 # Copyright (c) 2007 Scorpio IT, Deidesheim, Germany
 #
 # All modifications and additions to the file contributed by third parties