telnet and ftp

3 files changed, 114 insertions, 3 deletions

diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index bdc5ff6b2..3f4c69dfe 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -494,7 +494,6 @@ blacklist ${PATH}/unix_chkpwd
 blacklist ${PATH}/xev
 blacklist ${PATH}/xinput
 # from 0.9.67
-blacklist ${PATH}/ssh
 blacklist /usr/lib/openssh
 blacklist /usr/lib/ssh
 blacklist /usr/libexec/openssh
@@ -583,8 +582,7 @@ blacklist ${HOME}/sent
 # kernel configuration
 blacklist /proc/config.gz
 
-# prevent DNS malware attempting to communicate with the server
-# using regular DNS tools
+# prevent DNS malware attempting to communicate with the server using regular DNS tools
 blacklist ${PATH}/dig
 blacklist ${PATH}/dlint
 blacklist ${PATH}/dns2tcp
@@ -602,6 +600,11 @@ blacklist ${PATH}/nslookup
 blacklist ${PATH}/resolvectl
 blacklist ${PATH}/unbound-host
 
+# prevent an intruder to guess passwords using regular network tools
+blacklist ${PATH}/ftp
+blacklist ${PATH}/ssh
+blacklist ${PATH}/telnet
+
 # rest of ${RUNUSER}
 blacklist ${RUNUSER}/*.lock
 blacklist ${RUNUSER}/inaccessible
diff --git a/etc/profile-a-l/ftp.profile b/etc/profile-a-l/ftp.profile
new file mode 100644
index 000000000..29470360c
--- /dev/null
+++ b/etc/profile-a-l/ftp.profile
@@ -0,0 +1,54 @@
+# Firejail profile for ftp
+# Description: standard File Access Protocol utility
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include ftp.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${PATH}/ftp
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+#include disable-shell.inc
+include disable-write-mnt.inc
+include disable-X11.inc
+include disable-xdg.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+shell none
+tracelog
+
+#disable-mnt
+#private-bin PROGRAMS
+private-cache
+private-dev
+#private-etc FILES
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+noexec ${HOME}
diff --git a/etc/profile-m-z/telnet.profile b/etc/profile-m-z/telnet.profile
new file mode 100644
index 000000000..0b0510460
--- /dev/null
+++ b/etc/profile-m-z/telnet.profile
@@ -0,0 +1,54 @@
+# Firejail profile for ftp
+# Description: standard File Access Protocol utility
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include telnet.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${PATH}/telnet
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+#include disable-shell.inc
+include disable-write-mnt.inc
+include disable-X11.inc
+include disable-xdg.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+shell none
+tracelog
+
+#disable-mnt
+#private-bin PROGRAMS
+private-cache
+private-dev
+#private-etc FILES
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+noexec ${HOME}