Accepting request 933462 from home:jsegitz:branches:systemdhardening:Base:System
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/933462 OBS-URL: https://build.opensuse.org/package/show/Base:System/sysstat?expand=0&rev=130
This commit is contained in:
parent
acbf41dda9
commit
79f775fb5e
22
harden_sysstat.service.patch
Normal file
22
harden_sysstat.service.patch
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
Index: sysstat-12.4.3/sysstat.service.in
|
||||||
|
===================================================================
|
||||||
|
--- sysstat-12.4.3.orig/sysstat.service.in
|
||||||
|
+++ sysstat-12.4.3/sysstat.service.in
|
||||||
|
@@ -10,6 +10,17 @@ Description=Resets System Activity Logs
|
||||||
|
After=remote-fs.target local-fs.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
+# added automatically, for details please see
|
||||||
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||||
|
+ProtectSystem=full
|
||||||
|
+ProtectHome=true
|
||||||
|
+ProtectHostname=true
|
||||||
|
+ProtectKernelTunables=true
|
||||||
|
+ProtectKernelModules=true
|
||||||
|
+ProtectKernelLogs=true
|
||||||
|
+ProtectControlGroups=true
|
||||||
|
+RestrictRealtime=true
|
||||||
|
+# end of automatic additions
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=yes
|
||||||
|
User=@CRON_OWNER@
|
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Nov 24 12:33:59 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||||||
|
|
||||||
|
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
|
||||||
|
* harden_sysstat.service.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Oct 3 15:11:09 UTC 2021 - Christian Boltz <suse-beta@cboltz.de>
|
Sun Oct 3 15:11:09 UTC 2021 - Christian Boltz <suse-beta@cboltz.de>
|
||||||
|
|
||||||
|
@ -33,6 +33,7 @@ Patch0: sysstat-8.1.6-sa1sa2lock.diff
|
|||||||
Patch2: sysstat-8.0.4-pagesize.diff
|
Patch2: sysstat-8.0.4-pagesize.diff
|
||||||
# PATCH-FIX-OPENSUSE bsc#1151453
|
# PATCH-FIX-OPENSUSE bsc#1151453
|
||||||
Patch3: sysstat-service.patch
|
Patch3: sysstat-service.patch
|
||||||
|
Patch4: harden_sysstat.service.patch
|
||||||
BuildRequires: findutils
|
BuildRequires: findutils
|
||||||
BuildRequires: gettext-runtime
|
BuildRequires: gettext-runtime
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
@ -75,6 +76,7 @@ from a sysstat package.
|
|||||||
cp %{SOURCE1} .
|
cp %{SOURCE1} .
|
||||||
# remove date and time from objects
|
# remove date and time from objects
|
||||||
find ./ -name \*.c -exec sed -i -e 's: " compiled " __DATE__ " " __TIME__::g' {} \;
|
find ./ -name \*.c -exec sed -i -e 's: " compiled " __DATE__ " " __TIME__::g' {} \;
|
||||||
|
%patch4 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export conf_dir="%{_sysconfdir}/sysstat"
|
export conf_dir="%{_sysconfdir}/sysstat"
|
||||||
|
Loading…
Reference in New Issue
Block a user