Alexander Bergmann
ad02a1aeeb
- update to 5.9.1: - General: Many bug fixes - Change to use systemd service files directly from net-snmp package. Patch clean-up and renaming. Add: * net-snmp-5.9.1-suse-systemd-service-files.patch * net-snmp-5.9.1-harden_snmpd.service.patch * net-snmp-5.9.1-harden_snmptrapd.service.patch * net-snmp-5.9.1-add-lustre-fs-support.patch Remove: * snmpd.service * snmptrapd.service * harden_snmpd.service.patch * harden_snmptrapd.service.patch * net-snmp-5.8-add-lustre-fs-support.patch - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_snmpd.service.patch * harden_snmptrapd.service.patch Modified: * snmpd.service * snmptrapd.service OBS-URL: https://build.opensuse.org/request/show/926819 OBS-URL: https://build.opensuse.org/package/show/network:utilities/net-snmp?expand=0&rev=38
22 lines
740 B
Diff
22 lines
740 B
Diff
Index: net-snmp-5.9/dist/snmpd.service
|
|
===================================================================
|
|
--- net-snmp-5.9.orig/dist/snmpd.service
|
|
+++ net-snmp-5.9/dist/snmpd.service
|
|
@@ -10,6 +10,16 @@ Description=Simple Network Management Pr
|
|
After=syslog.target network.target
|
|
|
|
[Service]
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+ProtectHome=true
|
|
+ProtectHostname=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
# Type=notify is also supported. It should be set when snmpd.socket is not used.
|
|
Type=simple
|
|
ExecStart=/usr/sbin/snmpd -f
|