diff --git a/harden_shairport-sync.service.patch b/harden_shairport-sync.service.patch
new file mode 100644
index 0000000..c3a9f73
--- /dev/null
+++ b/harden_shairport-sync.service.patch
@@ -0,0 +1,22 @@
+Index: shairport-sync-3.3.8/scripts/shairport-sync.service.in
+===================================================================
+--- shairport-sync-3.3.8.orig/scripts/shairport-sync.service.in
++++ shairport-sync-3.3.8/scripts/shairport-sync.service.in
+@@ -7,6 +7,17 @@ Wants=network-online.target
+ After=network.target network-online.target
+ 
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=true
++ProtectHostname=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions
+ ExecStart=@prefix@/bin/shairport-sync
+ User=shairport-sync
+ Group=shairport-sync
diff --git a/shairport-sync.changes b/shairport-sync.changes
index 2ad9d17..4082356 100644
--- a/shairport-sync.changes
+++ b/shairport-sync.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Nov 17 08:08:53 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+ * harden_shairport-sync.service.patch
+
 -------------------------------------------------------------------
 Wed Aug 18 01:55:20 UTC 2021 - Hillwood Yang
 
diff --git a/shairport-sync.spec b/shairport-sync.spec
index 73db209..2d70d14 100644
--- a/shairport-sync.spec
+++ b/shairport-sync.spec
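Review bot: `RestrictRealtime=true` is the one directive in the added `[Service]` block that can change how an audio player behaves rather than only narrow what it can see: if shairport-sync asks for a realtime scheduling policy for its playback threads, that request is now refused, so playback under load should be checked with this unit. The block is marked as added automatically, so it would also help to record beside it why other sandboxing options were left out, presumably `PrivateDevices=` because the daemon needs the sound devices, e.g. `# PrivateDevices= not set: needs access to ALSA devices under /dev/snd`. Because this unit runs a network-facing receiver, the exposure that remains can be reviewed with `systemd-analyze security shairport-sync.service`.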
@@ -29,6 +29,7 @@ Source2: README.SUSE
 # PATCH-FIX-OPENSUSE drop-user-config.patch hillwood@opensuse.org -- Move configuring user account to rpm spec.
 # Move configuring user account to rpm spec.
 Patch0: drop-user-config.patch
+Patch1: harden_shairport-sync.service.patch
 BuildRequires: fdupes
 BuildRequires: firewall-macros
 BuildRequires: gcc-c++
@@ -66,6 +67,7 @@ video or photo streaming.
 %setup -q
 %patch0 -p1
 cp %{SOURCE2} .
+%patch1 -p1
 
 %build
 autoreconf -i -f
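Review bot: `Patch1` is added in the first hunk without the tag comment that `Patch0` carries directly above it, so the spec no longer states for every patch where it comes from and why it is applied. A line such as `# PATCH-FIX-OPENSUSE harden_shairport-sync.service.patch bsc#1181400 -- Add systemd hardening directives to the service unit.` above `Patch1:` would keep the two entries consistent. In the second hunk `%patch1 -p1` sits after `cp %{SOURCE2} .`, which works but separates it from `%patch0 -p1`; keeping the patch applications together reads more clearly.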