Accepting request 911242 from home:jsegitz:branches:systemdhardening:network:utilities

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/911242
OBS-URL: https://build.opensuse.org/package/show/network:utilities/2ping?expand=0&rev=31

2ping.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Aug 10 09:28:47 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s). Added patch(es):
+  * harden_2ping.service.patch
+
 -------------------------------------------------------------------
 Mon Jun 14 09:56:20 UTC 2021 - Jiri Slaby <jslaby@suse.cz>
 

2ping.spec

@@ -25,6 +25,7 @@ URL:            https://www.finnie.org/software/2ping/
 Source0:        https://www.finnie.org/software/2ping/%{name}-%{version}.tar.gz
 Source1:        https://www.finnie.org/software/2ping/%{name}-%{version}.tar.gz.asc
 Source2:        %{name}.keyring
+Patch0:         harden_2ping.service.patch
 BuildRequires:  fdupes
 BuildRequires:  python3-devel >= 3.6
 BuildRequires:  python3-distro

harden_2ping.service.patch

@@ -0,0 +1,16 @@
+Index: 2ping-4.5.1/2ping.service
+===================================================================
+--- 2ping-4.5.1.orig/2ping.service
++++ 2ping-4.5.1/2ping.service
+@@ -30,6 +30,11 @@ RestrictAddressFamilies=AF_NETLINK AF_IN
+ RestrictNamespaces=yes
+ RestrictRealtime=yes
+ RestrictSUIDSGID=yes
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectHostname=true
++ProtectClock=true
++# end of automatic additions 
+ User=nobody
+ 
+ [Install]