telnet and ftp

README.md

@@ -248,4 +248,4 @@ $ ./profstats *.profile
 ### New profiles:
 
 clion-eap, lifeograph, io.github.lainsce.Notejot, rednotebook, zim, microsoft-edge-beta, ncdu2, gallery-dl, yt-dlp, goldendict, bundle,
-cmake, make, meson, pip, codium
+cmake, make, meson, pip, codium, telnet, ftp

RELNOTES

@@ -10,7 +10,7 @@ firejail (0.9.67) baseline; urgency=low
  * new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim
  * new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl
  * new profiles: yt-dlp, goldendict, goldendict, bundle, cmake
- * new profiles: make, meson, pip, codium
+ * new profiles: make, meson, pip, codium, telnet, ftp
  -- netblue30 <[email protected]> Thu, 29 Jul 2021 09:00:00 -0500
 
 firejail (0.9.66) baseline; urgency=low

etc/inc/disable-common.inc

@@ -494,7 +494,6 @@ blacklist ${PATH}/unix_chkpwd
 blacklist ${PATH}/xev
 blacklist ${PATH}/xinput
 # from 0.9.67
-blacklist ${PATH}/ssh
 blacklist /usr/lib/openssh
 blacklist /usr/lib/ssh
 blacklist /usr/libexec/openssh
@@ -583,8 +582,7 @@ blacklist ${HOME}/sent
 # kernel configuration
 blacklist /proc/config.gz
 
-# prevent DNS malware attempting to communicate with the server
-# using regular DNS tools
+# prevent DNS malware attempting to communicate with the server using regular DNS tools
 blacklist ${PATH}/dig
 blacklist ${PATH}/dlint
 blacklist ${PATH}/dns2tcp
@@ -602,6 +600,11 @@ blacklist ${PATH}/nslookup
 blacklist ${PATH}/resolvectl
 blacklist ${PATH}/unbound-host
 
+# prevent an intruder to guess passwords using regular network tools
+blacklist ${PATH}/ftp
+blacklist ${PATH}/ssh
+blacklist ${PATH}/telnet
+
 # rest of ${RUNUSER}
 blacklist ${RUNUSER}/*.lock
 blacklist ${RUNUSER}/inaccessible

etc/profile-a-l/ftp.profile

@@ -0,0 +1,54 @@
+# Firejail profile for ftp
+# Description: standard File Access Protocol utility
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include ftp.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${PATH}/ftp
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+#include disable-shell.inc
+include disable-write-mnt.inc
+include disable-X11.inc
+include disable-xdg.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+shell none
+tracelog
+
+#disable-mnt
+#private-bin PROGRAMS
+private-cache
+private-dev
+#private-etc FILES
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+noexec ${HOME}

etc/profile-m-z/telnet.profile

@@ -0,0 +1,54 @@
+# Firejail profile for ftp
+# Description: standard File Access Protocol utility
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include telnet.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${PATH}/telnet
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+#include disable-shell.inc
+include disable-write-mnt.inc
+include disable-X11.inc
+include disable-xdg.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+shell none
+tracelog
+
+#disable-mnt
+#private-bin PROGRAMS
+private-cache
+private-dev
+#private-etc FILES
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+noexec ${HOME}

src/firecfg/firecfg.config

@@ -275,6 +275,7 @@ freetube
 freshclam
 frogatto
 frozen-bubble
+ftp
 funnyboat
 gajim
 gajim-history-manager
@@ -767,6 +768,7 @@ teamspeak3
 teeworlds
 telegram
 telegram-desktop
+telnet
 terasology
 textmaker18
 textmaker18free