Merge pull request #4427 from glitsj16/ids

IDS fixes

2 files changed, 69 insertions, 61 deletions

diff --git a/README.md b/README.md
index 5fde0b74b..5b12f551b 100644
--- a/README.md
+++ b/README.md
@@ -229,7 +229,7 @@ Warning: modified /home/netblue/.bashrc
 The program will print the files that have been modified since the database was created, or the files with different access permissions.
 New files and deleted files are also flagged.
 
-Currently while scanning the file system symbolic links are not followed, and files the user doesn't have read access are silently dropped.
+Currently while scanning the file system symbolic links are not followed, and files the user doesn't have read access to are silently dropped.
 The program can also be run as root (sudo firejail --ids-init/--ids-check).
 
 ### Profile Statistics
diff --git a/etc/ids.config b/etc/ids.config
index 7e03841c9..09b0ae912 100644
--- a/etc/ids.config
+++ b/etc/ids.config
@@ -1,34 +1,32 @@
 # /etc/firejail/ids.config - configuration file for Firejail's Intrusion Detection System
+# This config file is overwritten when a new version of Firejail is installed.
+# For global customization use /etc/firejail/ids.config.local.
+include ids.config.local
 #
 # Each line is a file or directory name such as
 #       /usr/bin
 # or
 #       ${HOME}/Desktop/*.desktop
 #
-# ${HOME} is expanded to user home directory, and * is the regular
+# ${HOME} is expanded to the user's home directory, and * is the regular
 # globbing match for zero or more characters.
 #
 # File or directory names starting with ! are not scanned. For example
 #        !${HOME}/.ssh/known_hosts
 #        ${HOME}/.ssh
-# will scan all files in ~/.ssh directory with the exception of knonw_hosts
-#
-# This config file is overwritten when a new version of Firejail is installed.
-# For global customization use /etc/firejal/ids.config.local.
-
-include ids.config.local
+# will scan all files in ~/.ssh directory with the exception of known_hosts
 
 ### system executables ###
 /bin
 /sbin
 /usr/bin
-/usr/sbin
 /usr/games
 /usr/libexec
+/usr/sbin
 
 ### user executables ###
-#/usr/local
 #/opt
+#/usr/local
 
 ### system libraries ###
 #/lib
@@ -38,97 +36,107 @@ include ids.config.local
 #/usr/libx32
 
 ### shells local ###
-${HOME}/.bashrc         # bash
-${HOME}/.bash_profile
+# bash
 ${HOME}/.bash_login
 ${HOME}/.bash_logout
-${HOME}/.zshenv         #zsh
-${HOME}/.zshprofile
-${HOME}/.zshrc
-${HOME}/.zlogin
-${HOME}/.zlogout
-${HOME}/.config/fish/config.fish        # fish
-${HOME}/.profile                # others
+${HOME}/.bash_profile
+${HOME}/.bashrc
+# fish
+${HOME}/.config/fish/config.fish
+# others
+${HOME}/.cshrc
+${HOME}/.kshrc
 ${HOME}/.login
 ${HOME}/.logout
-${HOME}/.cshrc
+${HOME}/.profile
 ${HOME}/.tcshrc
-${HOME}/.kshrc
+# zsh
+${HOME}/.zlogin
+${HOME}/.zlogout
+${HOME}/.zshenv
+${HOME}/.zshprofile
+${HOME}/.zshrc
 
 ### shells global ###
-/etc/shells                     # all
+# all
+/etc/dircolors
+/etc/environment
 /etc/profile
 /etc/profile.d
-/etc/environment
+/etc/shells
 /etc/skel
-/etc/dircolors
-/etc/bash.bashrc                # bash
+# bash
 /etc/bash_completion*
+/etc/bash.bashrc
 /etc/bashrc
-/etc/zshenv                     # zsh
-/etc/zprofile
-/etc/zshrc
-/etc/zlogin
-/etc/zlogout
-/etc/fish                       # fish
-/etc/complete.tcsh              # tcsh
+# fish
+/etc/fish
+# ksh
+/etc/ksh.kshrc
+# tcsh
+/etc/complete.tcsh
 /etc/csh.cshrc
 /etc/csh.login
 /etc/csh.logout
-/etc/ksh.kshrc          # ksh
+# zsh
+/etc/zlogin
+/etc/zlogout
+/etc/zprofile
+/etc/zshenv
+/etc/zshrc
 
 ### X11 ###
-${HOME}/.xsessionrc
-${HOME}/.xsession
-${HOME}/.Xsession
+/etc/X11
 ${HOME}/.xinitrc
-${HOME}/.xprofile
 ${HOME}/.xmodmaprc
+${HOME}/.xprofile
+${HOME}/.Xresources
 ${HOME}/.xserverrc
-${HOME}/.Xresurces
-/etc/X11
+${HOME}/.Xsession
+${HOME}/.xsession
+${HOME}/.xsessionrc
 
 ### window/desktop manager ###
-${HOME}/.config/autostart
 ${HOME}/Desktop/*.desktop
+${HOME}/.config/autostart
 ${HOME}/.config/lxsession/LXDE/autostart
 ${HOME}/.gnomerc
 ${HOME}/.gtkrc
 ${HOME}/.kderc
 
 ### security ###
-${HOME}/.gnupg
-${HOME}/.config/firejail
+/etc/aide
 /etc/apparmor*
-/etc/selinux
-/etc/security
+/etc/chkrootkit.conf
+/etc/cracklib
+/etc/libaudit.conf
 /etc/group*
 /etc/gshadow*
+/etc/pam.*
 /etc/passwd*
+/etc/rkhunter*
+/etc/securetty
+/etc/security
+/etc/selinux
 /etc/shadow*
-/etc/pam.*
 /etc/sudoers*
-/etc/securetty
-/etc/cracklib
-/etc/libaudit.conf
 /etc/tripwire
-/etc/aide
-/etc/chkrootkit.conf
-/etc/rkhunter.conf
+${HOME}/.config/firejail
+${HOME}/.gnupg
 
-*** network security ***
-/etc/services
-/etc/hosts.*
-/etc/ssl
+### network security ###
 /etc/ca-certificates*
-/usr/share/ca-certificates
-!${HOME}/.ssh/known_hosts       # excluding
-${HOME}/.ssh
-/etc/ssh
+/etc/hosts.*
+/etc/services
 /etc/snort
+/etc/ssh
+/etc/ssl
 /etc/wireshark
+!${HOME}/.ssh/known_hosts # excluding
+${HOME}/.ssh
+/usr/share/ca-certificates
 
 ### system config ###
-/etc/default
-/etc/crontab
 /etc/cron.*
+/etc/crontab
+/etc/default