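# rpmlint filters for the proftpd package.
# Each addFilter() argument is a regular expression matched against rpmlint's
# output; a matching diagnostic is suppressed. Most patterns below pin an exact
# path (and, for permission checks, an exact mode), so a packaging change that
# alters either one makes the diagnostic reappear.

# Proftpd allows specification of ciphers; mod_tls.conf specifies system default
# NOTE(review): this waiver is only justified while the packaged mod_tls.conf
# keeps deferring cipher selection to the system-wide crypto policy; re-check
# it whenever the TLS cipher settings in that file change.
addFilter("crypto-policy-non-compliance-openssl /usr/sbin/proftpd SSL_CTX_set_cipher_list")
# Similarly with mod_proxy
addFilter("crypto-policy-non-compliance-openssl /usr/libexec/proftpd/mod_proxy.so SSL_CTX_set_cipher_list")

# All FTP daemons provide this
addFilter("unversioned-explicit-provides ftpserver")

# These modes are intentional
# Configuration files are 640, i.e. not readable by "other".
addFilter("non-readable /etc/proftpd.conf 640")
addFilter("non-readable /etc/proftpd/anonftp.conf 640")
addFilter("non-readable /etc/proftpd/mod_ban.conf 640")
addFilter("non-readable /etc/proftpd/mod_qos.conf 640")
addFilter("non-readable /etc/proftpd/mod_tls.conf 640")
addFilter("non-readable /etc/proftpd/modules.conf 640")
# 331 = write+search without read for owner and group, search only for other,
# so the upload directory cannot be listed.
# NOTE(review): presumably a blind drop box for anonymous uploads -- confirm
# against the shipped anonymous-FTP configuration.
addFilter("non-standard-dir-perm /var/ftp/uploads 331")
# 750 = no access to the log directory for "other".
addFilter("non-standard-dir-perm /var/log/proftpd 750")

# File should exist but have no default content
addFilter("zero-length /etc/ftpusers")

# Same manpage as proftpd
addFilter("no-manual-page-for-binary in.proftpd")

# Upstream does not provide documentation for devel tools/API yet
# NOTE(review): "no-documentation" names no subpackage, so it appears to
# suppress this warning for every subpackage, not only the devel one.
addFilter("no-documentation")
addFilter("no-manual-page-for-binary prxs")

# This is documentation as far as the packaging is concerned
addFilter("potential-bashisms /usr/share/doc/proftpd/sample-configurations/PFTEST.install")

# Package uses alternative approach of owning the tmpfile
addFilter("post-without-tmpfile-creation /usr/lib/tmpfiles.d/proftpd.conf")

# Not that huge really
# (the trailing space is part of the pattern)
addFilter("package-with-huge-docs ")

# Most ftp daemons are packaged to use /var/ftp
addFilter("non-standard-dir-in-var ftp")

# /var/log is owned by filesystem, no need to own it ourselves
addFilter("logrotate-log-dir-not-packaged /var/log")

# Technical terms
# Raw string: "\(" is not a valid Python string escape, so the non-raw form
# draws an invalid-escape warning on newer interpreters when this file is
# evaluated as Python. The pattern itself is unchanged.
addFilter(r"spelling-error \('(passwd|proxying|systemd)',")

# Should be OK because it honors SOURCE_DATE_EPOCH
addFilter("file-contains-date-and-time /usr/include/proftpd/buildstamp.h")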