diff --git a/pen.changes b/pen.changes index 4d923db..0c3c14c 100644 --- a/pen.changes +++ b/pen.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Oct 18 14:17:33 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * pen.service + ------------------------------------------------------------------- Mon Aug 17 20:00:26 UTC 2020 - Dirk Mueller diff --git a/pen.service b/pen.service index 9d9f3db..9478ff4 100644 --- a/pen.service +++ b/pen.service @@ -2,6 +2,19 @@ Description=A simple load balancer for tcp based protocols After=time-sync.target nss-lookup.target syslog.socket remote-fs.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking ExecStart=/usr/share/pen/scripts/rcpen start ExecStop=/usr/share/pen/scripts/rcpen stop