From db15287c8c179e133c0e5570f3053e3046008786d40e659b7fa7ef50851ae7d9 Mon Sep 17 00:00:00 2001
From: Boris Manojlovic
Date: Wed, 12 Jan 2022 10:43:59 +0000
Subject: [PATCH] Accepting request 945795 from home:jsegitz:branches:systemdhardening:server:monitoring:zabbix

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
OBS-URL: https://build.opensuse.org/request/show/945795
OBS-URL: https://build.opensuse.org/package/show/server:monitoring:zabbix/zabbix?expand=0&rev=30
---
 zabbix-java-gateway.service | 13 +++++++++++++
 zabbix.changes | 6 ++++++
 2 files changed, 19 insertions(+)

diff --git a/zabbix-java-gateway.service b/zabbix-java-gateway.service
index 8f96318..2f4efe9 100644
--- a/zabbix-java-gateway.service
+++ b/zabbix-java-gateway.service
@@ -7,6 +7,19 @@ Type=simple
 ExecStart=/usr/bin/zabbix-java-gateway run
 User=zabbixs
 PrivateTmp=yes
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 [Install]
 WantedBy=multi-user.target
diff --git a/zabbix.changes b/zabbix.changes
index 7cab828..d5a8966 100644
--- a/zabbix.changes
+++ b/zabbix.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Jan 11 10:35:51 UTC 2022 - Johannes Segitz
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+ * zabbix-java-gateway.service
+
 -------------------------------------------------------------------
 Tue Oct 5 16:13:41 UTC 2021 - Boris Manojlovic
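Review bot: The added block in `zabbix-java-gateway.service` changes privilege behaviour without saying so: because the unit runs with `User=zabbixs`, systemd documents that sandboxing options such as `PrivateDevices=` and `ProtectKernelTunables=` imply `NoNewPrivileges=yes`. I would state that explicitly by adding `NoNewPrivileges=true` after the `# end of automatic additions` marker, so it survives a regenerated block and a reader sees that setuid helpers can no longer elevate. Since the commit message says the change has not been tested, the service should be started once with these settings to confirm it does not need write access under `/etc` or `/usr`, which `ProtectSystem=full` makes read-only. `systemd-analyze security zabbix-java-gateway.service` would then show what the unit still leaves open, since capabilities, address families and system calls are not restricted here. The `[Service]` section begins above the hunk, so settings earlier in it are not visible.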