diff --git a/harden_appstream-sync-cache.service.patch b/harden_appstream-sync-cache.service.patch
new file mode 100644
index 0000000..f6cfdd3
--- /dev/null
+++ b/harden_appstream-sync-cache.service.patch
@@ -0,0 +1,24 @@
+Index: openSUSE-appstream-1.0.1+git.20180426/appstream-sync-cache.service
+===================================================================
+--- openSUSE-appstream-1.0.1+git.20180426.orig/appstream-sync-cache.service
++++ openSUSE-appstream-1.0.1+git.20180426/appstream-sync-cache.service
+@@ -4,6 +4,19 @@ After=local-fs.target
+ ConditionDirectoryNotEmpty=!/var/cache/app-info/xmls
+ 
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=true
++PrivateDevices=true
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions
+ Type=forking
+ ExecStart=/usr/bin/zypper appstream-cache
+ 
diff --git a/libzypp-plugin-appdata.changes b/libzypp-plugin-appdata.changes
index bdc2295..c3ddc31 100644
--- a/libzypp-plugin-appdata.changes
+++ b/libzypp-plugin-appdata.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Oct 5 09:12:00 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+ * harden_appstream-sync-cache.service.patch
+
 -------------------------------------------------------------------
 Fri Sep 4 12:46:34 UTC 2020 - Dominique Leuenberger
diff --git a/libzypp-plugin-appdata.spec b/libzypp-plugin-appdata.spec
index c872672..d3554a5 100644
--- a/libzypp-plugin-appdata.spec
+++ b/libzypp-plugin-appdata.spec
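Review bot: Nothing in the new patch records that `/usr/bin/zypper appstream-cache` (the ExecStart= just below the added block) was actually run under these settings, and with `ProtectSystem=full` any write the command attempts outside /var, /run or /tmp now fails at runtime with a read-only-filesystem error instead of at build time. The cache itself lives under /var/cache/app-info (see the ConditionDirectoryNotEmpty= context line) and stays writable, but whether zypper's lock, log and metadata locations all do should be confirmed on a host with a non-empty xmls directory, and the resulting exposure checked with `systemd-analyze security appstream-sync-cache.service`. I would extend the closing comment to `# end of automatic additions; verified with zypper appstream-cache on <DATE> — if the command needs a writable path outside /var, grant it via ReadWritePaths= rather than dropping ProtectSystem=` so the next maintainer knows the list was validated, not only generated. If `NoNewPrivileges=true` or `PrivateTmp=true` were left out deliberately because the zypper run needs them, that reason belongs in the same comment. The [Unit] section of the service file starts before this hunk.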
@@ -25,6 +25,7 @@ Group: System/Libraries
 URL: https://wiki.gnome.org/Design/Apps/Software
 Source0: openSUSE-appstream-%{version}.tar.xz
 Source99: libzypp-plugin-appdata-rpmlintrc
+Patch0: harden_appstream-sync-cache.service.patch
 # appstreamcli is provided by the AppStream package. Let's pull it in when available, but ignore its absence
 Recommends: AppStream
 # appstream-glib >= 0.3.6 is the first to correctly to appstream-util uninstall in /var/cache
@@ -59,6 +60,7 @@ This package contains extra appstream metadata to be used by appstream-builder
 %prep
 %setup -q -n openSUSE-appstream-%{version}
+%patch0 -p1
 %build