commit audit for openSUSE:Factory

Tue, 24 Aug 2021 01:54:07 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package audit for openSUSE:Factory checked 
in at 2021-08-24 10:53:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/audit (Old)
 and      /work/SRC/openSUSE:Factory/.audit.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "audit"

Tue Aug 24 10:53:51 2021 rev:96 rq:912415 version:3.0.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/audit/audit-secondary.changes    2021-08-07 
17:57:19.242797274 +0200
+++ /work/SRC/openSUSE:Factory/.audit.new.1899/audit-secondary.changes  
2021-08-24 10:53:55.052396864 +0200
@@ -1,0 +2,6 @@
+Mon Aug 16 13:29:21 UTC 2021 - Marcus Meissner <meiss...@suse.com>
+
+- harden_auditd.service.patch: automatic hardening applied to systemd
+  services
+
+-------------------------------------------------------------------

New:
----
  harden_auditd.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ audit-secondary.spec ++++++
--- /var/tmp/diff_new_pack.6WTrzC/_old  2021-08-24 10:53:55.920395714 +0200
+++ /var/tmp/diff_new_pack.6WTrzC/_new  2021-08-24 10:53:55.924395709 +0200
@@ -36,6 +36,7 @@
 Patch4:         audit-ausearch-do-not-require-tclass.patch
 Patch5:         change-default-log_group.patch
 Patch6:         libev-werror.patch
+Patch7:         harden_auditd.service.patch
 BuildRequires:  audit-devel = %{version}
 BuildRequires:  autoconf >= 2.12
 BuildRequires:  gcc-c++
@@ -127,6 +128,7 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 %if %{without python2} && %{with python3}
 # Fix python env call in tests if we only have Python3.

++++++ harden_auditd.service.patch ++++++
Index: audit-3.0.3/init.d/auditd.service
===================================================================
--- audit-3.0.3.orig/init.d/auditd.service
+++ audit-3.0.3/init.d/auditd.service
@@ -35,6 +35,15 @@ ProtectControlGroups=true
 ProtectKernelModules=true
 ProtectHome=true
 RestrictRealtime=true
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+# end of automatic additions 
 
 [Install]
 WantedBy=multi-user.target

Reply via email to