Source: revpi-security
Section: admin
Priority: optional
Maintainer: KUNBUS GmbH <support@kunbus.com>
Rules-Requires-Root: no
Homepage: https://revolutionpi.com/
Vcs-Browser: https://gitlab.com/revolutionpi/revpi-security
Vcs-Git: https://gitlab.com/revolutionpi/revpi-security.git -b debian/bookworm
Build-Depends:
  cmake,
  debhelper-compat (= 13),
Standards-Version: 4.6.2

Package: revpi-security
Architecture: all
Depends:
  revpi-firewalld-services,
  revpi-pam-faillock,
  revpi-security-ssh,
  ${misc:Depends},
Description: Revolution Pi security tools and configuration (meta-package)
 Meta-package for various tools and configuration for a RevPi.

Package: revpi-pam-faillock
Architecture: all
Pre-Depends:
  ${misc:Pre-Depends},
Depends:
  libpam-runtime,
  ${misc:Depends},
Description: PAM configuration to improve system authentication security
 This package installs a PAM configuration snippet for pam_faillock to
 improve security by limiting repeated failed authentication attempts.
 The configuration is placed in /usr/share/pam-configs and is applied
 non-interactively using `pam-auth-update --package`, ensuring that
 /etc/pam.d/common-* is updated without prompting the user.
 .
 The configuration can be disabled with `pam-auth-update --disable
 revpi-faillock`.

Package: revpi-firewalld-services
Architecture: all
Pre-Depends:
  ${misc:Pre-Depends},
Depends:
  ${misc:Depends},
Description: Firewalld service configuration files for various RevPi services
 Installs various firewalld service configuration files for RevPi services.
 These can be enabled through firewalld through the cli application or through
 Cockpit.

Package: revpi-security-ssh
Architecture: all
Pre-Depends:
  ${misc:Pre-Depends},
Depends:
  ${misc:Depends},
Description: OpenSSH configuration files for hardening sshd
 Contains configuration files to harden the sshd(8) service.
