disable-common.inc update

author: netblue30 <netblue30@protonmail.com> 2021-07-13 07:26:05 -0400
committer: netblue30 <netblue30@protonmail.com> 2021-07-13 07:26:05 -0400
commit: 110a74f094abcb4f2763d76e204fb3c9743fa9a1 (patch)
tree: 7f26a41d4095df0f146ac6e30ef0669e439f854b /etc/inc
parent: Fix #4396 -- tracelog causes anki to segfault (diff)
download: firejail-110a74f094abcb4f2763d76e204fb3c9743fa9a1.tar.gz
firejail-110a74f094abcb4f2763d76e204fb3c9743fa9a1.tar.zst
firejail-110a74f094abcb4f2763d76e204fb3c9743fa9a1.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 4c83284ee..1283a3a3d 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -162,6 +162,9 @@ deny  ${HOME}/.local/share/systemd
 deny  /var/lib/systemd
 deny  ${PATH}/systemd-run
 deny  ${RUNUSER}/systemd
+deny  ${PATH}/systemctl
+deny  /etc/systemd/system
+deny  /etc/systemd/network
 # creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf
 #blacklist /var/run/systemd
@@ -257,6 +260,18 @@ deny  /etc/modules*
 deny  /etc/logrotate*
 deny  /etc/adduser.conf
+# hide config for various intrusion detection systems
+deny  /etc/rkhunter.conf
+deny  /var/lib/rkhunter
+deny  /etc/chkrootkit.conf
+deny  /etc/lynis
+deny  /etc/aide
+deny  /etc/logcheck
+deny  /etc/tripwire
+deny  /etc/snort
+deny  /etc/fail2ban.conf
+deny  /etc/suricata
 # Startup files
 read-only ${HOME}/.antigen
 read-only ${HOME}/.bash_aliases
author	netblue30 <netblue30@protonmail.com>	2021-07-13 07:26:05 -0400
committer	netblue30 <netblue30@protonmail.com>	2021-07-13 07:26:05 -0400
commit	110a74f094abcb4f2763d76e204fb3c9743fa9a1 (patch)
tree	7f26a41d4095df0f146ac6e30ef0669e439f854b /etc/inc
parent	Fix #4396 -- tracelog causes anki to segfault (diff)
download	firejail-110a74f094abcb4f2763d76e204fb3c9743fa9a1.tar.gz firejail-110a74f094abcb4f2763d76e204fb3c9743fa9a1.tar.zst firejail-110a74f094abcb4f2763d76e204fb3c9743fa9a1.zip

diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 4c83284ee..1283a3a3d 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc
@@ -162,6 +162,9 @@ deny ${HOME}/.local/share/systemd
162	deny /var/lib/systemd	162	deny /var/lib/systemd
163	deny ${PATH}/systemd-run	163	deny ${PATH}/systemd-run
164	deny ${RUNUSER}/systemd	164	deny ${RUNUSER}/systemd
		165	deny ${PATH}/systemctl
		166	deny /etc/systemd/system
		167	deny /etc/systemd/network
165	# creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf	168	# creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf
166	#blacklist /var/run/systemd	169	#blacklist /var/run/systemd
167		170
@@ -257,6 +260,18 @@ deny /etc/modules*
257	deny /etc/logrotate*	260	deny /etc/logrotate*
258	deny /etc/adduser.conf	261	deny /etc/adduser.conf
259		262
		263	# hide config for various intrusion detection systems
		264	deny /etc/rkhunter.conf
		265	deny /var/lib/rkhunter
		266	deny /etc/chkrootkit.conf
		267	deny /etc/lynis
		268	deny /etc/aide
		269	deny /etc/logcheck
		270	deny /etc/tripwire
		271	deny /etc/snort
		272	deny /etc/fail2ban.conf
		273	deny /etc/suricata
		274
260	# Startup files	275	# Startup files
261	read-only ${HOME}/.antigen	276	read-only ${HOME}/.antigen
262	read-only ${HOME}/.bash_aliases	277	read-only ${HOME}/.bash_aliases