Overview

File harden_osmo-nitb.service.patch of Package openbsc

Index: openbsc-1.4.0/openbsc/contrib/systemd/osmo-nitb.service
===================================================================
--- openbsc-1.4.0.orig/openbsc/contrib/systemd/osmo-nitb.service
+++ openbsc-1.4.0/openbsc/contrib/systemd/osmo-nitb.service
@@ -2,6 +2,17 @@
 Description=OpenBSC Network In the Box (NITB)
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=simple
 Restart=always
 ExecStart=/usr/bin/osmo-nitb -s -C -c /etc/osmocom/osmo-nitb.cfg -l /var/lib/osmocom/hlr.sqlite3
openSUSE Build Service is sponsored by
Places