diff --git a/klog.service b/klog.service
index cf479fc..9140e9c 100644
--- a/klog.service
+++ b/klog.service
@@ -25,6 +25,19 @@ RefuseManualStart=true
 ConditionPathIsDirectory=/var/log
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 Type=oneshot
 StandardError=tty
 StandardOutput=tty
diff --git a/klogd.service b/klogd.service
index d722a30..277afa1 100644
--- a/klogd.service
+++ b/klogd.service
@@ -26,6 +26,19 @@ After=syslogd.service
 RefuseManualStart=true
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 Type=simple
 StandardOutput=syslog
 StandardError=syslog
diff --git a/syslogd.changes b/syslogd.changes
index fdf77f5..e8bec7b 100644
--- a/syslogd.changes
+++ b/syslogd.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Nov 24 10:22:12 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+ * klog.service
+ * klogd.service
+ * syslogd.service
+
 -------------------------------------------------------------------
 Tue Nov 24 17:03:30 UTC 2020 - Ludwig Nussel
diff --git a/syslogd.service b/syslogd.service
index 350b3c1..da09895 100644
--- a/syslogd.service
+++ b/syslogd.service
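Review bot: `ProtectKernelLogs=true` in the klog.service hunk, and again in the klogd.service hunk, looks at odds with what these units appear to be for. Per systemd.exec(5) the setting drops CAP_SYSLOG from the bounding set and makes /dev/kmsg and /proc/kmsg inaccessible, and `PrivateDevices=true` additionally gives the unit a private /dev, so a kernel log reader would start and then fail to read anything. The ExecStart= lines are outside both hunks, so this is inferred from the unit names; if either command reads the ring buffer, drop the line there and leave a marker such as `# ProtectKernelLogs not set: this unit reads the kernel log ring buffer`. Because the template block is identical in all three units, a test boot that confirms kernel messages still reach the log would catch this before release.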
@@ -24,6 +24,19 @@ Requires=klogd.service
 Before=klogd.service
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 Type=notify
 Sockets=syslog.socket
 StandardOutput=null
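Review bot: `PrivateDevices=true` in the syslogd.service hunk restricts the daemon to a private /dev holding only pseudo devices such as /dev/null and /dev/random, which matters if syslog.conf sends messages to a console or terminal device. The configuration file is not part of this change, so this is a question rather than a finding: if any rule targets /dev/console, /dev/tty* or a similar node, those writes would fail once this hardening is active. Either confirm the shipped configuration has no device targets, or drop the line and note why, e.g. `# PrivateDevices not set: syslog.conf may log to console/tty devices`. In the same way `ProtectHome=true` makes /home, /root and /run/user inaccessible, so any log destination configured there would stop working.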