diff --git a/bitlbee.changes b/bitlbee.changes
index fba9dd9..c26a6a1 100644
--- a/bitlbee.changes
+++ b/bitlbee.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Aug 25 08:20:54 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s). Added patch(es):
+ * harden_bitlbee.service.patch
+ Modified:
+ * bitlbee.service-suse.in
+
 -------------------------------------------------------------------
 Tue Jul 14 16:05:02 UTC 2020 - Matej Cepl
diff --git a/bitlbee.service-suse.in b/bitlbee.service-suse.in
index 3d8fea5..83de0f5 100644
--- a/bitlbee.service-suse.in
+++ b/bitlbee.service-suse.in
@@ -14,6 +14,19 @@ Description=Bitblee Daemon the IM to IRC gateway
 After=network.target
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=read-only
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 Type=forking
 ExecStartPre=/usr/bin/mkdir -p /run/bitlbee
 ExecStartPre=/usr/bin/chown bitlbee.bitlbee /run/bitlbee
diff --git a/bitlbee.spec b/bitlbee.spec
index 6f5e6ea..690bb08 100644
--- a/bitlbee.spec
+++ b/bitlbee.spec
@@ -27,6 +27,7 @@ Group: Productivity/Networking/IRC
 URL: http://www.bitlbee.org/
 Source: http://get.bitlbee.org/src/bitlbee-%{version}.tar.gz
 Source2: %{name}.service-suse.in
+Patch0: harden_bitlbee.service.patch
 BuildRequires: fdupes
 BuildRequires: glibc-devel
 BuildRequires: gnutls-devel
@@ -82,6 +83,7 @@ This package contains development files for external plugins.
 %prep
 %setup -q
+%patch0 -p1
 # make it verbose!
 find . -name Makefile -exec sed -i.orig 's|@$(CC)|$(CC)|;s|@$(LD)|$(LD)|' {} +
diff --git a/harden_bitlbee.service.patch b/harden_bitlbee.service.patch
new file mode 100644
index 0000000..dc86394
--- /dev/null
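Review bot: `ProtectHome=read-only` and `ProtectSystem=full` in the bitlbee.service-suse.in hunk are the weaker forms of both directives: the daemon can still read everything under /home and /root, and only /usr, the boot loader directories and /etc become read-only. For a gateway that parses traffic from remote IM networks, consider `ProtectHome=true` together with `NoNewPrivileges=true` and `PrivateTmp=true`, after confirming that nothing the daemon or its plugins do needs home directories or the shared /tmp. The identical block is added to the upstream unit in harden_bitlbee.service.patch, so the same point applies there. The [Service] section continues past the end of this hunk, so any `User=` or capability settings that would change this assessment are not visible here.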
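Review bot: `%patch0 -p1` in the second bitlbee.spec hunk hardens the unit template inside the upstream tarball (`init/bitlbee.service.in`, per the patch header), while the package also carries its own `Source2` unit that this commit edits by hand with the same lines. The %install section is outside the hunk, so it is not visible which unit ends up in the package; if only the SUSE unit is installed the patch has no effect on the shipped service, and if both are used the two copies have to be kept in sync. A comment above the `Patch0:` tag such as `# PATCH-FIX-OPENSUSE harden_bitlbee.service.patch -- systemd sandboxing for the upstream unit` would record which unit the patch is meant to cover.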
+++ b/harden_bitlbee.service.patch
@@ -0,0 +1,24 @@
+Index: bitlbee-3.6/init/bitlbee.service.in
+===================================================================
+--- bitlbee-3.6.orig/init/bitlbee.service.in
++++ bitlbee-3.6/init/bitlbee.service.in
+@@ -2,6 +2,19 @@
+ Description=BitlBee IRC/IM gateway
+
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=read-only
++PrivateDevices=true
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions
+ ExecStart=@sbindir@bitlbee -F -n
+ KillMode=process
+