Accepting request 933462 from home:jsegitz:branches:systemdhardening:Base:System
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/933462 OBS-URL: https://build.opensuse.org/package/show/Base:System/sysstat?expand=0&rev=130
This commit is contained in:
parent
acbf41dda9
commit
79f775fb5e
22
harden_sysstat.service.patch
Normal file
22
harden_sysstat.service.patch
Normal file
@ -0,0 +1,22 @@
|
||||
Index: sysstat-12.4.3/sysstat.service.in
|
||||
===================================================================
|
||||
--- sysstat-12.4.3.orig/sysstat.service.in
|
||||
+++ sysstat-12.4.3/sysstat.service.in
|
||||
@@ -10,6 +10,17 @@ Description=Resets System Activity Logs
|
||||
After=remote-fs.target local-fs.target
|
||||
|
||||
[Service]
|
||||
+# added automatically, for details please see
|
||||
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||
+ProtectSystem=full
|
||||
+ProtectHome=true
|
||||
+ProtectHostname=true
|
||||
+ProtectKernelTunables=true
|
||||
+ProtectKernelModules=true
|
||||
+ProtectKernelLogs=true
|
||||
+ProtectControlGroups=true
|
||||
+RestrictRealtime=true
|
||||
+# end of automatic additions
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
User=@CRON_OWNER@
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 24 12:33:59 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
|
||||
* harden_sysstat.service.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Oct 3 15:11:09 UTC 2021 - Christian Boltz <suse-beta@cboltz.de>
|
||||
|
||||
|
@ -33,6 +33,7 @@ Patch0: sysstat-8.1.6-sa1sa2lock.diff
|
||||
Patch2: sysstat-8.0.4-pagesize.diff
|
||||
# PATCH-FIX-OPENSUSE bsc#1151453
|
||||
Patch3: sysstat-service.patch
|
||||
Patch4: harden_sysstat.service.patch
|
||||
BuildRequires: findutils
|
||||
BuildRequires: gettext-runtime
|
||||
BuildRequires: pkgconfig
|
||||
@ -75,6 +76,7 @@ from a sysstat package.
|
||||
cp %{SOURCE1} .
|
||||
# remove date and time from objects
|
||||
find ./ -name \*.c -exec sed -i -e 's: " compiled " __DATE__ " " __TIME__::g' {} \;
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
export conf_dir="%{_sysconfdir}/sysstat"
|
||||
|
Loading…
Reference in New Issue
Block a user