openSUSE admin

Thank you, for your prompt reply.
Noted, since this service is legit and used for hosting public content, no
further action needed.

On Mon, May 27, 2024 at 1:37 PM crameleon redmine@opensuse.org wrote:

[openSUSE Tracker]
Issue #160958 has been updated by crameleon.

Category set to Mirrors
Status changed from New to Feedback

Hi,

this is by design, the service hosts public content for synchronization by
mirrors. The same content is also available over HTTP(s) at
https://provo-mirror.opensuse.org/.

Any particular issue with this?

---

tickets #160958: Publicly exposed rsync (
provo-downloadcontent.opensuse.org)
https://progress.opensuse.org/issues/160958#change-801614

• Author: cybersecurity@suse.com
• Status: Feedback
• Priority: Normal
• Category: Mirrors

* Start date: 2024-05-27¶

Dear Heroes of Opensuse,

Recently, a security finding has been found in opensuse infra, details of
which are given below:

Security Finding:
RSYNC port (873) is found open without authentication controls.
IP : 91.193.113.71 Port: 873

Recommended action:
Default rsync port to be blocked and RSYNC to be used with SSH
authentication.

Best Regards,
Shiwang on behalf of SUSE Cybersecurity Team.

--
You have received this notification because you either subscribed to or
are involved in this discussion.
To change your notification preferences, please visit
https://progress.opensuse.org/my/account.