diff --git a/nginx.changes b/nginx.changes
index dedf26a..b2ab385 100644
--- a/nginx.changes
+++ b/nginx.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Fri Oct 15 14:23:41 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
+
+- Add CONFIG parameter to %sysusers_generate_pre
+
+-------------------------------------------------------------------
+Mon Oct 11 09:26:39 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * nginx.service
+
 -------------------------------------------------------------------
 Fri Sep 10 17:44:54 UTC 2021 - Илья Индиго <ilya@ilya.pp.ua>
 
diff --git a/nginx.service b/nginx.service
index ff7a9d8..a9b409e 100644
--- a/nginx.service
+++ b/nginx.service
@@ -12,6 +12,19 @@ KillSignal=SIGQUIT
 TimeoutStopSec=5
 KillMode=mixed
 PrivateTmp=true
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=read-only
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 
 [Install]
 WantedBy=multi-user.target
diff --git a/nginx.spec b/nginx.spec
index 63a9139..b7b737f 100644
--- a/nginx.spec
+++ b/nginx.spec
@@ -133,7 +133,7 @@ sed -i 's/^\(#define NGX_LISTEN_BACKLOG \).*/\1-1/' src/os/unix/ngx_linux_config
 %{ngx_configure}
 
 %make_build
-%sysusers_generate_pre %{SOURCE9} nginx
+%sysusers_generate_pre %{SOURCE9} nginx nginx.conf
 
 %install
 %make_install