It is complicated to set the password in the C helper binary.
Therefore it is being set by a helper script.
This is still not an optimal solution since the password might be
exposed to the shell environment, but has the advantage that shell
command injection is no longer possible.
Fixes: #12562
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Since tshark uses with version 3.4.0 an always enabled asynchronous DNS
resolution c-ares is a needed dependency.
- Since curl can also use c-ares --> https://c-ares.haxx.se/ it has been
placed in make.sh before curl even no compiletime options has been set
to enable this. c-ares has also been placed in packages and not in common
which would be needed if it should be used for curl too.
Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Bacula install used the bacula initscript for starting and stopping bacula.
This works fine but results in no pid or memory input in the addons table
under services.
Using the IPFire initscript also successfully starts and stops bacula with
no problems but also provides the pid and memory information in the services
addons table.
- rootfiles adjusted to remove the reference to bacula-ctl-fd
- lfs/bacula adjusted to remove the init.d/bacula link generation
remove the "rm -f /root/.rnd" command. This file is not present
and I have not seen this command in any other lfs file that I
have looked at.
- new bacula initscript created
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Added a backup/includes file for apcupsd to backup the
/etc/apcupsd/ directory where all the configuration files
are stored. Currently there is no backup available to
save the state of any changes carried out to the configuration
or action files.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Full changelog obtained from: https://cisofy.com/changelog/lynis/#301
- Detection of Alpine Linux
- Detection of CloudLinux
- Detection of Kali Linux
- Detection of Linux Mint
- Detection of macOS Big Sur (11.0)
- Detection of Pop!_OS
- Detection of PHP 7.4
- Malware detection tool: Microsoft Defender ATP
- New flag: --slow-warning to allow tests more time before showing a
warning
- Test TIME-3185 to check systemd-timesyncd synchronized time
- rsh host file permissions
- AUTH-9229 - Added option for LOCKED accounts and bugfix for older bash
versions
- BOOT-5122 - Presence check for grub.d added
- CRYP-7902 - Added support for certificates in DER format
- CRYP-7931 - Added data to report
- CRYP-7931 - Redirect errors (e.g. when swap is not encrypted)
- FILE-6430 - Don't grep nonexistant modprobe.d files
- FIRE-4535 - Set initial firewall state
- INSE-8312 - Corrected text on screen
- KRNL-5728 - Handle zipped kernel configuration correctly
- KRNL-5830 - Improved version detection for non-symlinked kernel
- MALW-3280 - Extended detection of BitDefender
- TIME-3104 - Find more time synchronization commands
- TIME-3182 - Corrected detection of time peers
- Fix: hostid generation routine would sometimes show too short IDs
- Fix: language detection
- Generic improvements for macOS
- German translation updated
- End-of-life database updated
- Several minor code enhancements
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
firewall for security purposes. (We can make do with Postfix, as it
is known for being a very robust MTA and providess less attack
surface than something actually inspecting transferred messages.)
Thereof, this patch drops the SpamAssassin add-on. In case it is desired
in future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
firewall for security purposes. (We can make do with Postfix, as it
is known for being a very robust MTA and providess less attack
surface than something actually inspecting transferred messages.)
Thereof, this patch drops the Amavis add-on. In case it is desired in
future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We do not use the Python module and can therefore
only have one rootfile for all architectures.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Several Fixes (incl. CVE-2019-13033 and CVE-2020-13882) and features has been added since the last version 2.6.4 .
For a full overview of the changes take a look in here --> https://cisofy.com/changelog/lynis/ .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
