a9c8dba764
- Remove unsupported hardening flags when using old version with old systemd. - Removed harden_oidentd@.service.patch as this package is using own service instead of upstream one, which also has same security switches. - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_oidentd@.service.patch Modified: * oidentd@.service OBS-URL: https://build.opensuse.org/request/show/925220 OBS-URL: https://build.opensuse.org/package/show/network:utilities/oidentd?expand=0&rev=28
24 lines
718 B
Desktop File
24 lines
718 B
Desktop File
[Unit]
|
|
Description=RFC 1413 compliant per-connection identification server
|
|
Documentation=man:oidentd(8) man:oidentd.conf(5) man:oidentd_masq.conf(5)
|
|
|
|
[Service]
|
|
Type=simple
|
|
PrivateDevices=true
|
|
# added automatically, for details please see
|
|
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
ProtectSystem=full
|
|
ProtectHome=true
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
ProtectControlGroups=true
|
|
RestrictRealtime=true
|
|
# end of automatic additions
|
|
EnvironmentFile=/etc/sysconfig/oidentd
|
|
ExecStart=/usr/sbin/oidentd -I -u nobody -g nobody --foreground --nosyslog $OIDENTD_OPTIONS
|
|
StandardInput=socket
|
|
StandardError=syslog
|