hardening ssh, tor

author: netblue30 <netblue30@protonmail.com> 2021-02-23 07:57:02 -0500
committer: netblue30 <netblue30@protonmail.com> 2021-02-23 07:57:02 -0500
commit: 0e31d0203569604998d8b640901773b19ada2d98 (patch)
tree: 97bd359f5fbe9f2d136ef6acb4b9d69f2c67cef4
parent: more calibre profiles (diff)
download: firejail-0e31d0203569604998d8b640901773b19ada2d98.tar.gz
firejail-0e31d0203569604998d8b640901773b19ada2d98.tar.zst
firejail-0e31d0203569604998d8b640901773b19ada2d98.zip
2 files changed, 6 insertions, 0 deletions
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile
index 641c3a79d..7bc731333 100644
--- a/etc/profile-m-z/ssh.profile
+++ b/etc/profile-m-z/ssh.profile
@@ -24,6 +24,7 @@ whitelist ${RUNUSER}/keyring/ssh
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
+apparmor
 caps.drop all
 ipc-namespace
 netfilter
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile
index 1045fa02a..8b1ed1645 100644
--- a/etc/profile-m-z/torbrowser-launcher.profile
+++ b/etc/profile-m-z/torbrowser-launcher.profile
@@ -15,6 +15,9 @@ noblacklist ${HOME}/.local/share/torbrowser
 include allow-python2.inc
 include allow-python3.inc
+blacklist /opt
+blacklist /srv
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -30,6 +33,8 @@ whitelist ${HOME}/.config/torbrowser
 whitelist ${HOME}/.local/share/torbrowser
 include whitelist-common.inc
 include whitelist-var-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 # Uncomment the line below or put 'apparmor' in your torbrowser-launcher.local.
 # IMPORTANT: the relevant rule in /etc/apparmor.d/local/firejail-default will need
author	netblue30 <netblue30@protonmail.com>	2021-02-23 07:57:02 -0500
committer	netblue30 <netblue30@protonmail.com>	2021-02-23 07:57:02 -0500
commit	0e31d0203569604998d8b640901773b19ada2d98 (patch)
tree	97bd359f5fbe9f2d136ef6acb4b9d69f2c67cef4
parent	more calibre profiles (diff)
download	firejail-0e31d0203569604998d8b640901773b19ada2d98.tar.gz firejail-0e31d0203569604998d8b640901773b19ada2d98.tar.zst firejail-0e31d0203569604998d8b640901773b19ada2d98.zip

diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index 641c3a79d..7bc731333 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile
@@ -24,6 +24,7 @@ whitelist ${RUNUSER}/keyring/ssh
24	include whitelist-usr-share-common.inc	24	include whitelist-usr-share-common.inc
25	include whitelist-runuser-common.inc	25	include whitelist-runuser-common.inc
26		26
		27	apparmor
27	caps.drop all	28	caps.drop all
28	ipc-namespace	29	ipc-namespace
29	netfilter	30	netfilter


diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile index 1045fa02a..8b1ed1645 100644 --- a/etc/profile-m-z/torbrowser-launcher.profile +++ b/etc/profile-m-z/torbrowser-launcher.profile
@@ -15,6 +15,9 @@ noblacklist ${HOME}/.local/share/torbrowser
15	include allow-python2.inc	15	include allow-python2.inc
16	include allow-python3.inc	16	include allow-python3.inc
17		17
		18	blacklist /opt
		19	blacklist /srv
		20
18	include disable-common.inc	21	include disable-common.inc
19	include disable-devel.inc	22	include disable-devel.inc
20	include disable-exec.inc	23	include disable-exec.inc
@@ -30,6 +33,8 @@ whitelist ${HOME}/.config/torbrowser
30	whitelist ${HOME}/.local/share/torbrowser	33	whitelist ${HOME}/.local/share/torbrowser
31	include whitelist-common.inc	34	include whitelist-common.inc
32	include whitelist-var-common.inc	35	include whitelist-var-common.inc
		36	include whitelist-runuser-common.inc
		37	include whitelist-usr-share-common.inc
33		38
34	# Uncomment the line below or put 'apparmor' in your torbrowser-launcher.local.	39	# Uncomment the line below or put 'apparmor' in your torbrowser-launcher.local.
35	# IMPORTANT: the relevant rule in /etc/apparmor.d/local/firejail-default will need	40	# IMPORTANT: the relevant rule in /etc/apparmor.d/local/firejail-default will need