Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nagios for openSUSE:Factory checked in at 2021-10-29 22:34:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nagios (Old) and /work/SRC/openSUSE:Factory/.nagios.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nagios" Fri Oct 29 22:34:36 2021 rev:21 rq:928140 version:4.4.6 Changes: -------- --- /work/SRC/openSUSE:Factory/nagios/nagios.changes 2021-05-17 18:46:12.288397020 +0200 +++ /work/SRC/openSUSE:Factory/.nagios.new.1890/nagios.changes 2021-10-29 22:35:42.395715511 +0200 @@ -1,0 +2,7 @@ +Fri Oct 15 07:27:58 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * nagios-archive.service + * nagios.service + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nagios-archive.service ++++++ --- /var/tmp/diff_new_pack.6OjZ1I/_old 2021-10-29 22:35:43.087715772 +0200 +++ /var/tmp/diff_new_pack.6OjZ1I/_new 2021-10-29 22:35:43.091715773 +0200 @@ -2,5 +2,15 @@ Description=Auto-Archiving of Nagios Logfiles [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot ExecStart=/bin/bash -ce "/usr/sbin/nagios-archive" ++++++ nagios.service ++++++ --- /var/tmp/diff_new_pack.6OjZ1I/_old 2021-10-29 22:35:43.159715799 +0200 +++ /var/tmp/diff_new_pack.6OjZ1I/_new 2021-10-29 22:35:43.163715801 +0200 @@ -3,6 +3,16 @@ After=syslog.target network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions EnvironmentFile=/etc/sysconfig/nagios ExecStartPre=/usr/lib/nagios/nagios-exec-start-pre ExecStartPre=/usr/sbin/nagios -v /etc/nagios/nagios.cfg
