* circumvent SEGFAULT in a python's socket module by getaddrinfo with disabled IPv6 (gh-3438)
* avoid sporadic error in pyinotify backend if pending file deleted in other thread, e. g. by flushing logs (gh-3635)
* `action.d/cloudflare-token.conf` - fixes gh-3479, url-encode args by unban
* `action.d/*ipset*`: make `maxelem` ipset option configurable through banaction arguments (gh-3564)
* `filter.d/apache-common.conf` - accepts remote besides client (gh-3622)
* `filter.d/mysqld-auth.conf` - matches also if no suffix in message (mariadb 10.3 log format, gh-3603)
* `filter.d/nginx-*.conf` - nginx error-log filters extended with support of journal format (gh-3646)
* `filter.d/postfix.conf`:
  - "rejected" rule extended to match "Access denied" too
  - avoid double counting ('lost connection after AUTH' together with message 'disconnect ...', gh-3505)
  - add Sender address rejected: Malformed DNS server reply
  - add to postfix syslog daemon format (gh-3690)
  - change journalmatch postfix, allow sub-units with postfix@-.service (gh-3692)
* `filter.d/recidive.conf`: support for systemd-journal, conditional RE depending on logtype (for file or journal, gh-3693)
* `filter.d/slapd.conf` - filter rewritten for single-line processing, matches errored result without `text=...` (gh-3604)
* supports python 3.12 and 3.13 (gh-3487)

OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=122
24 lines
762 B
Diff
Index: fail2ban-0.11.2/files/fail2ban.service.in
===================================================================
--- fail2ban-0.11.2.orig/files/fail2ban.service.in
+++ fail2ban-0.11.2/files/fail2ban.service.in
@@ -5,6 +5,18 @@ After=network.target iptables.service fi
PartOf=firewalld.service
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=simple
EnvironmentFile=-/etc/sysconfig/fail2ban
Environment="PYTHONNOUSERSITE=1"
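Review bot: The block added under [Service] applies ProtectSystem=full, ProtectHome=true and ProtectKernelModules=true without any matching exception, and each of these can conflict with what fail2ban does at runtime. ProtectSystem=full makes /etc read-only for the service and for every ban action it spawns, so any action that edits a file under /etc (a hosts.deny style action, for example) will fail at ban time. ProtectHome=true hides /home, /root and /run/user, so a jail whose logpath points into a home directory can no longer read its log. ProtectKernelModules=true denies explicit module loading, which matters when the first iptables or ipset call from a ban action needs a netfilter or ip_set module that is not loaded yet. Suggest either adding ReadWritePaths= entries for the files the shipped actions are expected to modify, or documenting in the comment block which actions and log locations are unsupported under this unit. The comment "added automatically" also gives no per-directive rationale; a short note on why each setting is safe for a service that drives the firewall would make later debugging of silent ban failures much easier.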