SHA256
1
0
forked from pool/audit
audit/harden_auditd.service.patch
Wolfgang Frisch d1358f4337 Accepting request 1096509 from home:polslinux:branches:security
- Update to 3.1.1:
  * Add user friendly keywords for signals to auditctl
  * In ausearch, parse up URINGOP and DM_CTRL records
  * Harden auparse to better handle corrupt logs
  * Fix a CFLAGS propogation problem in the common directory
  * Move the audispd af_unix plugin to a standalone program 
- Update to 3.1.1:
  * Add user friendly keywords for signals to auditctl
  * In ausearch, parse up URINGOP and DM_CTRL records
  * Harden auparse to better handle corrupt logs
  * Fix a CFLAGS propogation problem in the common directory
  * Move the audispd af_unix plugin to a standalone program

OBS-URL: https://build.opensuse.org/request/show/1096509
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=148
2023-07-03 14:59:58 +00:00

21 lines
640 B
Diff

Index: audit-3.1.1/init.d/auditd.service
===================================================================
--- audit-3.1.1.orig/init.d/auditd.service
+++ audit-3.1.1/init.d/auditd.service
@@ -39,6 +39,15 @@ LockPersonality=true
#ProtectControlGroups=true
ProtectKernelModules=true
RestrictRealtime=true
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+# end of automatic additions
[Install]
WantedBy=multi-user.target