author | glitsj16 <glitsj16@users.noreply.github.com> | 2020-01-02 21:13:38 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-01-02 21:13:38 +0000 |
commit | 24c11634594842c222367299a748a38bd4dd8ff3 (patch) | |
tree | e74f32bd883105d68b6ace680fae909d0622f293 | |
parent | Additional hardening for whois (diff) | |
download | firejail-24c11634594842c222367299a748a38bd4dd8ff3.tar.gz firejail-24c11634594842c222367299a748a38bd4dd8ff3.tar.zst firejail-24c11634594842c222367299a748a38bd4dd8ff3.zip |
Extra hardening for wget
-rw-r--r-- | etc/wget.profile | 16 |
1 files changed, 14 insertions, 2 deletions
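--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -7,13 +7,20 @@ include wget.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.netrc
 noblacklist ${HOME}/.wget-hsts
 noblacklist ${HOME}/.wgetrc
 
+blacklist /tmp/.X11-unix
+
 include disable-common.inc
+include disable-devel.inc
 include disable-exec.inc
+include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+# depending on workflow you can uncomment the below or put 'include disable-xdg.inc' in your wget.local
+include disable-xdg.inc
 
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
@@ -21,6 +28,7 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 machine-id
+nodbus
 netfilter
 no3d
 nodvd
@@ -36,9 +44,13 @@ seccomp
 shell none
 tracelog
 
-# private-bin wget
+private-bin wget
+private-cache
 private-dev
-# private-etc alternatives,ca-certificates,crypto-policie,pki,resolv.conf,ssl
+
+
+# depending on workflow you can uncomment the below or put this private-etc in your wget.local
+#private-etc alternatives,ca-certificates,crypto-policie,pki,resolv.conf,ssl,wgetrc
 # private-tmp
 
 memory-deny-write-execute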
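Review bot: The suggested `private-etc` line near the end of the last hunk still spells `crypto-policie`, so anyone who uncomments it as the comment above invites gets a sandbox `/etc` without `/etc/crypto-policies`. On distributions that route TLS library defaults through that directory, wget would presumably run without the system-wide crypto policy or fail to load its TLS configuration. The line should read `#private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,wgetrc`. The typo is carried over from the removed line, so it predates this commit, but this is where users are now pointed at it.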