Accepting request 914621 from home:jsegitz:branches:systemdhardening:server:proxy

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/914621 OBS-URL: https://build.opensuse.org/package/show/server:proxy/cntlm?expand=0&rev=41
2021-08-27 15:21:45 +00:00 · 2021-08-27 15:21:45 +00:00 · f87ec26174
commit f87ec26174
parent 681972f0d7
3 changed files with 20 additions and 1 deletions
--- a/cntlm.changes
+++ b/cntlm.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Aug 27 08:31:55 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s). Modified:
+  * cntlm.service
+
 -------------------------------------------------------------------
 Thu Dec 19 15:36:35 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>

--- a/cntlm.service
+++ b/cntlm.service
@ -3,6 +3,19 @@ Description=CNTLM HTTP Accelerator For NTLM Secured Proxies Authenticator
 After=network.target

 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=forking
 EnvironmentFile=-/etc/sysconfig/cntlmd
 ExecStart=/usr/sbin/cntlm -c /etc/cntlm.conf -U cntlm -P /run/cntlm/cntlmd.pid
--- a/cntlm.spec
+++ b/cntlm.spec
@ -1,7 +1,7 @@
 #
 # spec file for package cntlm
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 # Copyright (c) 2007 Scorpio IT, Deidesheim, Germany
 #
 # All modifications and additions to the file contributed by third parties