Marcus Meissner
67449df97d
- update to version 2.4.3: * Add signature for BIND * Add signature for Gitea * Add signature for Microsoft SQL Server for Linux * Add signature for OpenVPN Portshare * Add signature for user-defined HTTP attacks * Update signatures for Dovecot * Update signatures for Postfix * Fixed Fix memset off-by-one * Fixed Resolve DNS names in capability mode using casper - removed patch sshguard-overflow.patch as fixed in upstream - clean up .spec file OBS-URL: https://build.opensuse.org/request/show/1114698 OBS-URL: https://build.opensuse.org/package/show/security/sshguard?expand=0&rev=51
25 lines
773 B
Diff
25 lines
773 B
Diff
Index: sshguard-2.4.3/examples/sshguard.service
|
|
===================================================================
|
|
--- sshguard-2.4.3.orig/examples/sshguard.service
|
|
+++ sshguard-2.4.3/examples/sshguard.service
|
|
@@ -9,6 +9,19 @@ After=libvirtd.service
|
|
After=firewalld.service
|
|
|
|
[Service]
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+ProtectHome=true
|
|
+PrivateDevices=true
|
|
+ProtectHostname=true
|
|
+ProtectClock=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
ExecStartPre=-/usr/sbin/iptables -N sshguard
|
|
ExecStart=/usr/local/sbin/sshguard
|
|
Restart=always
|