pool/proftpd
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 928151 from network

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/928151
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/proftpd?expand=0&rev=42
This commit is contained in:
Dominique Leuenberger 2021-10-29 20:34:34 +00:00 committed by Git OBS Bridge
commit 69c632a37d
4 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
harden_proftpd.service.patch Normal file
View File

@ -0,0 +1,23 @@
Index: proftpd-1.3.6e/contrib/dist/rpm/proftpd.service
===================================================================
--- proftpd-1.3.6e.orig/contrib/dist/rpm/proftpd.service
+++ proftpd-1.3.6e/contrib/dist/rpm/proftpd.service
@@ -4,6 +4,18 @@ Wants=network-online.target
After=network-online.target nss-lookup.target local-fs.target remote-fs.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type = simple
Environment = PROFTPD_OPTIONS=
EnvironmentFile = -/etc/sysconfig/proftpd

8
proftpd.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Wed Oct 20 13:16:36 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_proftpd.service.patch
Modified:
* proftpd.service
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 19 14:16:47 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org> Thu Nov 19 14:16:47 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>

12
proftpd.service
View File

@ -3,6 +3,18 @@ Description=ProFTPd FTP server
After=systemd-user-sessions.service network.target nss-lookup.target local-fs.target remote-fs.target After=systemd-user-sessions.service network.target nss-lookup.target local-fs.target remote-fs.target
[Service] [Service]
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
ExecStart=/usr/sbin/proftpd --nodaemon ExecStart=/usr/sbin/proftpd --nodaemon
ExecReload=/bin/kill -HUP $MAINPID ExecReload=/bin/kill -HUP $MAINPID

2
proftpd.spec
View File

@ -47,6 +47,7 @@ Patch103: %{name}-strip.patch
Patch104: %{name}-no_BuildDate.patch Patch104: %{name}-no_BuildDate.patch
#RPMLINT-FIX-openSUSE: env-script-interpreter #RPMLINT-FIX-openSUSE: env-script-interpreter
Patch105: %{name}_env-script-interpreter.patch Patch105: %{name}_env-script-interpreter.patch
Patch106: harden_proftpd.service.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
#BuildRequires: gpg-offline #BuildRequires: gpg-offline
BuildRequires: fdupes BuildRequires: fdupes
@ -154,6 +155,7 @@ rm README.AIX
%patch103 %patch103
%patch104 %patch104
%patch105 %patch105
%patch106 -p1
%build %build
rm contrib/mod_wrap.c rm contrib/mod_wrap.c