Overview

File harden_logwatch.service.patch of Package logwatch

Index: logwatch-7.5.5/scheduler/logwatch.service
===================================================================
--- logwatch-7.5.5.orig/scheduler/logwatch.service
+++ logwatch-7.5.5/scheduler/logwatch.service
@@ -4,6 +4,18 @@ Documentation=man:logwatch(8) man:logwat
 Before=logrotate.service
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=oneshot
 # This first EnvironmentFile has the Logwatch default variables
 EnvironmentFile=-/usr/share/logwatch/default.conf/systemd.conf
openSUSE Build Service is sponsored by
Places