author | netblue30 <netblue30@protonmail.com> | 2021-07-28 08:30:24 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-07-28 08:30:24 -0400 |
commit | a627071b33b42dd24a90070236d2f85eeebc423c (patch) | |
tree | 5388f450044f8b205812e5f6e740874d40b4dd62 /README.md | |
parent | Merge pull request #4410 from kmk3/revert-allow-deny-etc (diff) | |
download | firejail-a627071b33b42dd24a90070236d2f85eeebc423c.tar.gz firejail-a627071b33b42dd24a90070236d2f85eeebc423c.tar.zst firejail-a627071b33b42dd24a90070236d2f85eeebc423c.zip |
intrusion detection system
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 30 |
1 files changed, 30 insertions, 0 deletions
@@ -202,6 +202,36 @@ The old whitelist/blacklist will remain as aliasses for the next one or two rele | |||
202 | in order to give users a chance to switch their local profiles. | 202 | in order to give users a chance to switch their local profiles. |
203 | The latest discussion on this issue is here: https://github.com/netblue30/firejail/issues/4379 | 203 | The latest discussion on this issue is here: https://github.com/netblue30/firejail/issues/4379 |
204 | 204 | ||
205 | ### Intrusion Detection System ### | ||
206 | |||
207 | We are adding IDS capabilities in the next release. We have the list of files in [/etc/firejail/ids.config](https://github.com/netblue30/firejail/blob/master/etc/ids.config), | ||
208 | and we generate a [BLAKE2](https://en.wikipedia.org/wiki/BLAKE_%28hash_function%29) checksum in /var/lib/firejail/username.ids. | ||
209 | The program runs as regular user, each user has his own file in /var/lib/firejail. | ||
210 | |||
211 | Initialize the database: | ||
212 | ````` | ||
213 | $ firejail --ids-init | ||
214 | Loading /etc/firejail/ids.config config file | ||
215 | 500 1000 1500 2000 | ||
216 | 2457 files scanned | ||
217 | IDS database initialized | ||
218 | ````` | ||
219 | |||
220 | Later, we check it: | ||
221 | ````` | ||
222 | $ firejail --ids-check | ||
223 | Loading /etc/firejail/ids.config config file | ||
224 | 500 1000 1500 | ||
225 | Warning: modified /home/netblue/.bashrc | ||
226 | 2000 | ||
227 | 2457 files scanned: modified 1, permissions 0, new 0, removed 0 | ||
228 | ````` | ||
229 | The program will print the files that have been modified since the database was created, or the files with different access permissions. | ||
230 | New files and deleted files are also flagged. | ||
231 | |||
232 | Currently while scanning the file system symbolic links are not followed, and files the user doesn't have read access are silently dropped. | ||
233 | The program can also be run as root (sudo firejail --ids-init/--ids-check). | ||
234 | |||
205 | ### Profile Statistics | 235 | ### Profile Statistics |
206 | 236 | ||
207 | A small tool to print profile statistics. Compile as usual and run in /etc/profiles: | 237 | A small tool to print profile statistics. Compile as usual and run in /etc/profiles: |
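Review bot: The trust model for the checksum database is missing from the paragraph at new lines 207-209. It places the database in /var/lib/firejail/username.ids and says "The program runs as regular user, each user has his own file", but it does not say who owns that file or what its mode is. If the account being monitored can write its own database, a process running as that user can re-run --ids-init or edit the file after changing a monitored file, and a later --ids-check would report nothing. Please document the ownership and permissions of the .ids file and say when the root invocation mentioned at line 233 is the recommended one. At line 232, "files the user doesn't have read access are silently dropped" leaves the reader unable to tell how much of ids.config was actually covered. Consider adding a skipped count to the summary line shown at line 227 (next to modified, permissions, new, removed) and describing it here. Also worth stating which BLAKE2 variant and digest length is used, since line 208 only links to the general article. Wording nits: "runs as a regular user", "his or her own file" or "their own file", and "files the user doesn't have read access to".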