From df9f95f5440191cdcc0e60c4b6fc5867bf669e4f51438c0ab76da3ba44914bae Mon Sep 17 00:00:00 2001
From: Marcus Rueckert
Date: Tue, 31 May 2022 16:27:18 +0000
Subject: [PATCH] Accepting request 933797 from home:jsegitz:branches:systemdhardening:server:http

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
OBS-URL: https://build.opensuse.org/request/show/933797
OBS-URL: https://build.opensuse.org/package/show/server:http/thttpd?expand=0&rev=47
---
 thttpd.changes | 6 ++++++
 thttpd.service | 13 +++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/thttpd.changes b/thttpd.changes
index 137d16d..93f13c1 100644
--- thttpd.changes
+++ thttpd.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Nov 24 15:13:25 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+ * thttpd.service
+
 -------------------------------------------------------------------
 Thu May 14 08:42:14 UTC 2020 - Vítězslav Čížek
 
diff --git a/thttpd.service b/thttpd.service
index 27e1604..4529bab 100644
--- thttpd.service
+++ thttpd.service
@@ -2,6 +2,19 @@
 Description=Tiny HTTP Daemon
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 PIDFile=/run/thttpd.pid
 ExecStart=/usr/sbin/thttpd -D -C /etc/thttpd.conf
 Restart=always
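Review bot: `ProtectHome=true` in the added [Service] block makes /home, /root and /run/user appear empty to thttpd, so a document root or per-user web directory under /home set in /etc/thttpd.conf (not visible here) would stop being served; the commit message itself says the change is untested. I would document that next to the directive, e.g. `# ProtectHome=true hides /home, /root and /run/user; override with ProtectHome=read-only in a drop-in if thttpd.conf serves content from there`. Separately, the block restricts filesystem and kernel interfaces but leaves the capability set and privilege gain on exec untouched; `NoNewPrivileges=true` and a `CapabilityBoundingSet=` are worth evaluating in a follow-up, after checking them against thttpd's startup as root and any CGI programs it runs.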