diff --git a/harden_ipmi_port.service.patch b/harden_ipmi_port.service.patch index c77eab4..d2f1727 100644 --- a/harden_ipmi_port.service.patch +++ b/harden_ipmi_port.service.patch @@ -2,7 +2,7 @@ Index: ipmiutil-3.1.7/scripts/ipmi_port.service =================================================================== --- ipmiutil-3.1.7.orig/scripts/ipmi_port.service +++ ipmiutil-3.1.7/scripts/ipmi_port.service -@@ -3,6 +3,18 @@ Description=ipmiutil ipmi_port service +@@ -3,6 +3,17 @@ Description=ipmiutil ipmi_port service After=network.target [Service] @@ -11,7 +11,6 @@ Index: ipmiutil-3.1.7/scripts/ipmi_port.service +ProtectSystem=full +ProtectHome=true +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true diff --git a/harden_ipmiutil_asy.service.patch b/harden_ipmiutil_asy.service.patch index efb93f1..470227d 100644 --- a/harden_ipmiutil_asy.service.patch +++ b/harden_ipmiutil_asy.service.patch @@ -2,7 +2,7 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_asy.service =================================================================== --- ipmiutil-3.1.7.orig/scripts/ipmiutil_asy.service +++ ipmiutil-3.1.7/scripts/ipmiutil_asy.service -@@ -3,6 +3,18 @@ Description=ipmiutil Async Bridge Agent +@@ -3,6 +3,17 @@ Description=ipmiutil Async Bridge Agent After=network.target [Service] @@ -11,7 +11,6 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_asy.service +ProtectSystem=full +ProtectHome=true +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true diff --git a/harden_ipmiutil_evt.service.patch b/harden_ipmiutil_evt.service.patch index e39a0c3..0f3bd05 100644 --- a/harden_ipmiutil_evt.service.patch +++ b/harden_ipmiutil_evt.service.patch @@ -2,7 +2,7 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_evt.service =================================================================== --- ipmiutil-3.1.7.orig/scripts/ipmiutil_evt.service +++ ipmiutil-3.1.7/scripts/ipmiutil_evt.service -@@ -3,6 +3,18 @@ Description=ipmiutil Event Daemon +@@ -3,6 +3,17 @@ Description=ipmiutil Event Daemon After=network.target [Service] @@ -11,7 +11,6 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_evt.service +ProtectSystem=full +ProtectHome=true +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true diff --git a/harden_ipmiutil_wdt.service.patch b/harden_ipmiutil_wdt.service.patch index 2276287..965efbe 100644 --- a/harden_ipmiutil_wdt.service.patch +++ b/harden_ipmiutil_wdt.service.patch @@ -2,7 +2,7 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_wdt.service =================================================================== --- ipmiutil-3.1.7.orig/scripts/ipmiutil_wdt.service +++ ipmiutil-3.1.7/scripts/ipmiutil_wdt.service -@@ -3,6 +3,18 @@ Description=ipmiutil Watchdog Timer Serv +@@ -3,6 +3,17 @@ Description=ipmiutil Watchdog Timer Serv After=network.target [Service] @@ -11,7 +11,6 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_wdt.service +ProtectSystem=full +ProtectHome=true +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true diff --git a/ipmiutil.changes b/ipmiutil.changes index 6a896e1..9875a22 100644 --- a/ipmiutil.changes +++ b/ipmiutil.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Oct 15 12:12:08 UTC 2021 - Johannes Segitz + +- Drop ProtectClock hardening, can cause issues if other device acceess is needed + ------------------------------------------------------------------- Wed Sep 22 14:47:30 UTC 2021 - Johannes Segitz