Overview

Request 1193773 superseded

Supplement to the "crowdsec" package. We're currently missing packaged Remediators ("Bouncers").

Staging Bot's avatar
Staging Bot (staging-bot) -

@Alexander_Naumov, @WernerFink, @ahodgkinson, @bitshuffler, @dbuss, @duwe, @gregfreemyer, @jjolly, @jsegitz, @lrupp, @mseben, @msmeissn, @ojkastl_buildservice, @psmt, @varkoly, @vpereirabr: review reminder

Johannes Kastl's avatar
Johannes Kastl (ojkastl_buildservice) -
target maintainer

Looks good, thanks for the SR.

install -D -m 0600 scripts/_bouncer.sh %{buildroot}%{_usr}/lib/%{name}/_bouncer.sh

Shouldn't the file be executable? And why only allow root access to that file? There should be no "secrets" in it.

install -D -m 0600 scripts/_bouncer.sh %{buildroot}%{_usr}/lib/%{name}/_bouncer.sh

Why allow everyone read access (755 on the directory) and then restrict everyone but root to read this file?

I take it the service needs to be run as root to have permissions for using iptables etc?

Aeneas Jaißle's avatar
Aeneas Jaißle (aeneas_jaissle) -
author target maintainer

Good catch, that wasn't intended. The script is now 0755, but should normally only be used by root (-scripts). It does configuration manipulation like adding a local API key to the bouncer config. New SR on its' way.

Request History
Aeneas Jaißle's avatar

aeneas_jaissle created request

Supplement to the "crowdsec" package. We're currently missing packaged Remediators ("Bouncers").

Aeneas Jaißle's avatar

aeneas_jaissle superseded request

openSUSE Build Service is sponsored by
Places