Overview

File harden_ntpd.service.patch of Package ntpsec

Index: ntpsec-1.2.1/etc/ntpd.service
===================================================================
--- ntpsec-1.2.1.orig/etc/ntpd.service
+++ ntpsec-1.2.1/etc/ntpd.service
@@ -9,6 +9,16 @@ Conflicts=systemd-timesyncd.service
 [Service]
 Type=forking
 PrivateTmp=true
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+# end of automatic additions 
 ExecStart=@SBINDIR@/ntpd -g -N -u ntp:ntp
 # Specifying -g on the command line allows ntpd to make large adjustments to
 # the clock on boot.  However, if Restart=yes is set, a malicious (or broken)
openSUSE Build Service is sponsored by
Places