Hello community,

here is the log from the commit of package argus for openSUSE:Factory checked in at 2021-08-18 08:55:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/argus (Old)
 and      /work/SRC/openSUSE:Factory/.argus.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "argus" Wed Aug 18 08:55:52 2021 rev:29 rq:912408 version:3.0.8.3 Changes: -------- --- /work/SRC/openSUSE:Factory/argus/argus.changes 2021-06-27 19:00:55.700421598 +0200 +++ /work/SRC/openSUSE:Factory/.argus.new.1899/argus.changes 2021-08-18 08:56:38.870922986 +0200 @@ -1,0 +2,8 @@ +Tue Aug 10 11:50:18 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s). Added patch(es): + * harden_argus.service.patch + Modified: + * argus.service + +------------------------------------------------------------------- New: ---- harden_argus.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ argus.spec ++++++ --- /var/tmp/diff_new_pack.NARugg/_old 2021-08-18 08:56:39.374922393 +0200 +++ /var/tmp/diff_new_pack.NARugg/_new 2021-08-18 08:56:39.378922389 +0200 @@ -28,6 +28,7 @@ Source4: argus_linux.8.gz Source5: argus.service Patch1: %{name}-3.0.6.1-libpcap.patch +Patch2: harden_argus.service.patch BuildRequires: bison BuildRequires: flex BuildRequires: libnsl-devel @@ -56,6 +57,7 @@ %patch1 -p1 cp %{SOURCE3} . cp %{SOURCE4} man/man8/ +%patch2 -p1 %build #autoreconf -fiv ++++++ argus.service ++++++ --- /var/tmp/diff_new_pack.NARugg/_old 2021-08-18 08:56:39.426922332 +0200 +++ /var/tmp/diff_new_pack.NARugg/_new 2021-08-18 08:56:39.426922332 +0200 
@@ -3,6 +3,19 @@ After=syslog.target network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions PIDFile=/var/run/argus.pid ExecStart=/usr/sbin/argus -d ++++++ harden_argus.service.patch ++++++ Index: argus-3.0.8.3/support/Startup/argus.service =================================================================== --- argus-3.0.8.3.orig/support/Startup/argus.service +++ argus-3.0.8.3/support/Startup/argus.service @@ -12,6 +12,19 @@ After=network.target # This was tested on Fedora 16 [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStartPre=/sbin/ifconfig em2 up ExecStart=/usr/local/sbin/argus
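Review bot: in the second argus.spec hunk, `%patch2 -p1` is applied after the two `cp %{SOURCE3}` / `cp %{SOURCE4}` lines rather than directly after `%patch1 -p1`. Nothing visible here makes the patch depend on those copies, so moving it up next to `%patch1 -p1` keeps all patch applications in one place and makes the %prep order easier to audit.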
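Review bot: in the argus.service hunk, the block between "added automatically" and "end of automatic additions" is the generic template and is not tailored to this daemon. It sets the Protect* options, `PrivateDevices=true` and `RestrictRealtime=true`, but leaves out `NoNewPrivileges=`, `PrivateTmp=`, `CapabilityBoundingSet=` and `RestrictAddressFamilies=`, so the process started by `ExecStart=/usr/sbin/argus -d` keeps its full capability set and may open any socket family. Please check whether those can be added for this service, and confirm that capture and output writing still work with `PrivateDevices=true` and `ProtectSystem=full` in effect; the result of `systemd-analyze security argus.service` before and after would be useful in the changelog entry, which currently says only "Added hardening to systemd service(s)".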
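Review bot: in the harden_argus.service.patch hunk, the same directive block is added a second time, to support/Startup/argus.service, whose context lines (`ExecStartPre=/sbin/ifconfig em2 up`, `ExecStart=/usr/local/sbin/argus`, "This was tested on Fedora 16") do not match the `Source5: argus.service` unit with `ExecStart=/usr/sbin/argus -d`. If the package installs only Source5, this patch hardens a file that is never shipped and the two copies of the block can drift apart. Please state which unit file ends up installed, and either drop the patch or note in argus.changes why both copies are kept.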
