From 83d4ae3c9dbd5f20a405980341a967903a6b353b43b824c22004542b54063c5f Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dmueller@suse.com>
Date: Sat, 16 Oct 2021 10:02:48 +0000
Subject: [PATCH] Accepting request 915506 from
 home:jsegitz:branches:systemdhardening:network

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/915506
OBS-URL: https://build.opensuse.org/package/show/network/ddclient?expand=0&rev=60
---
 ddclient.changes |  6 ++++++
 ddclient.service | 13 +++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/ddclient.changes b/ddclient.changes
index 52e5ae7..3205e55 100644
--- a/ddclient.changes
+++ b/ddclient.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Sep  1 12:27:43 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s). Modified:
+  * ddclient.service
+
 -------------------------------------------------------------------
 Tue May 18 14:43:16 UTC 2021 - Josef Möllers <josef.moellers@suse.com>
 
diff --git a/ddclient.service b/ddclient.service
index 5c7684f..28b5f16 100644
--- a/ddclient.service
+++ b/ddclient.service
@@ -3,6 +3,19 @@ Description=A Perl Client Used To Update Dynamic DNS
 After=network.target nss-lookup.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 User=ddclient
 Group=ddclient
 Type=forking