Overview

File harden_prometheus-webhook-snmp.service.patch of Package prometheus-webhook-snmp

Index: prometheus-webhook-snmp-1.4/prometheus-webhook-snmp.service
===================================================================
--- prometheus-webhook-snmp-1.4.orig/prometheus-webhook-snmp.service
+++ prometheus-webhook-snmp-1.4/prometheus-webhook-snmp.service
@@ -3,6 +3,19 @@ Description=Prometheus Alertmanager rece
 After=network.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 EnvironmentFile=-/etc/default/prometheus-webhook-snmp
 ExecStart=/usr/bin/prometheus-webhook-snmp $PROMETHEUS_WEBHOOK_SNMP_OPTIONS run
 ExecReload=/bin/kill -HUP $MAINPID
openSUSE Build Service is sponsored by
Places