forked from pool/audit
d1358f4337
- Update to 3.1.1: * Add user friendly keywords for signals to auditctl * In ausearch, parse up URINGOP and DM_CTRL records * Harden auparse to better handle corrupt logs * Fix a CFLAGS propogation problem in the common directory * Move the audispd af_unix plugin to a standalone program - Update to 3.1.1: * Add user friendly keywords for signals to auditctl * In ausearch, parse up URINGOP and DM_CTRL records * Harden auparse to better handle corrupt logs * Fix a CFLAGS propogation problem in the common directory * Move the audispd af_unix plugin to a standalone program OBS-URL: https://build.opensuse.org/request/show/1096509 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=148
21 lines
640 B
Diff
21 lines
640 B
Diff
Index: audit-3.1.1/init.d/auditd.service
|
|
===================================================================
|
|
--- audit-3.1.1.orig/init.d/auditd.service
|
|
+++ audit-3.1.1/init.d/auditd.service
|
|
@@ -39,6 +39,15 @@ LockPersonality=true
|
|
#ProtectControlGroups=true
|
|
ProtectKernelModules=true
|
|
RestrictRealtime=true
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+PrivateDevices=true
|
|
+ProtectHostname=true
|
|
+ProtectClock=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelLogs=true
|
|
+# end of automatic additions
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|