diff --git a/dhcp.changes b/dhcp.changes index 2c294bb..78a29be 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -6,6 +6,15 @@ Tue Oct 26 11:58:59 UTC 2021 - Reinhard Max removal once we don't have to support SLE-12 anymore. - bsc#1192020: Drop the obsolete dependency on "group(nogroup)". +------------------------------------------------------------------- +Mon Sep 13 13:50:50 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * dhcpd.service + * dhcpd6.service + * dhcrelay.service + * dhcrelay6.service + ------------------------------------------------------------------- Thu Aug 5 11:33:54 UTC 2021 - Reinhard Max diff --git a/dhcpd.service b/dhcpd.service index 51d2524..40d7365 100644 --- a/dhcpd.service +++ b/dhcpd.service @@ -4,6 +4,18 @@ Before=multi-user.target After=remote-fs.target network.target nss-lookup.target time-sync.target slapd.service sssd.service ndsd.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking Restart=on-abort ExecStart=@LIBEXECDIR@/dhcp/dhcpd -4 start diff --git a/dhcpd6.service b/dhcpd6.service index 0b62b29..af974cd 100644 --- a/dhcpd6.service +++ b/dhcpd6.service @@ -4,6 +4,18 @@ Before=multi-user.target After=remote-fs.target network.target nss-lookup.target time-sync.target slapd.service sssd.service ndsd.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking Restart=on-abort ExecStart=@LIBEXECDIR@/dhcp/dhcpd -6 start diff --git a/dhcrelay.service b/dhcrelay.service index 10fc178..ba77767 100644 --- a/dhcrelay.service +++ b/dhcrelay.service @@ -4,6 +4,18 @@ Before=multi-user.target After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.service ndsd.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking Restart=on-abort ExecStart=@LIBEXECDIR@/dhcp/dhcrelay -4 start diff --git a/dhcrelay6.service b/dhcrelay6.service index 751a21d..f3f5dba 100644 --- a/dhcrelay6.service +++ b/dhcrelay6.service @@ -4,6 +4,18 @@ Before=multi-user.target After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.service ndsd.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking Restart=on-abort ExecStart=@LIBEXECDIR@/dhcp/dhcrelay -6 start