diff options
| author |  netblue30 <netblue30@protonmail.com> | 2023-08-20 12:26:00 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@protonmail.com> | 2023-08-20 12:26:00 -0400 |
| commit | d94f54736f48a089c5fa19632c2c42e8da3db5a8 (patch) | |
| tree | a0a210fe03ee539d7613245df17d77730f283da8 /etc/inc | |
| parent | more domains for static-ip-map (diff) | |
| download | firejail-d94f54736f48a089c5fa19632c2c42e8da3db5a8.tar.gz firejail-d94f54736f48a089c5fa19632c2c42e8da3db5a8.tar.zst firejail-d94f54736f48a089c5fa19632c2c42e8da3db5a8.zip | |
disable all ssh utilities in disable-common.inc
Diffstat (limited to 'etc/inc')
| -rw-r--r-- | etc/inc/allow-ssh.inc | 2 | ||||
| -rw-r--r-- | etc/inc/disable-common.inc | 11 |
2 files changed, 3 insertions, 10 deletions
diff --git a/etc/inc/allow-ssh.inc b/etc/inc/allow-ssh.inc index 024d87be7..6b2c5846e 100644 --- a/etc/inc/allow-ssh.inc +++ b/etc/inc/allow-ssh.inc | |||
| @@ -6,7 +6,7 @@ noblacklist ${HOME}/.ssh | |||
| 6 | noblacklist /etc/ssh | 6 | noblacklist /etc/ssh |
| 7 | noblacklist /etc/ssh/ssh_config | 7 | noblacklist /etc/ssh/ssh_config |
| 8 | noblacklist /etc/ssh/ssh_config.d | 8 | noblacklist /etc/ssh/ssh_config.d |
| 9 | noblacklist ${PATH}/ssh | 9 | noblacklist ${PATH}/ssh* |
| 10 | noblacklist /tmp/ssh-* | 10 | noblacklist /tmp/ssh-* |
| 11 | # Arch Linux and derivatives | 11 | # Arch Linux and derivatives |
| 12 | noblacklist /usr/lib/ssh | 12 | noblacklist /usr/lib/ssh |
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index ce4f08958..438e90499 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
| @@ -319,16 +319,10 @@ read-only ${HOME}/.zshenv | |||
| 319 | read-only ${HOME}/.zshrc | 319 | read-only ${HOME}/.zshrc |
| 320 | read-only ${HOME}/.zshrc.local | 320 | read-only ${HOME}/.zshrc.local |
| 321 | 321 | ||
| 322 | # Remote access | 322 | # Remote access - ${HOME}/.ssh directory blacklisted in top secret section below |
| 323 | blacklist ${HOME}/.rhosts | 323 | blacklist ${HOME}/.rhosts |
| 324 | blacklist ${HOME}/.shosts | 324 | blacklist ${HOME}/.shosts |
| 325 | blacklist ${HOME}/.ssh/authorized_keys | ||
| 326 | blacklist ${HOME}/.ssh/authorized_keys2 | ||
| 327 | blacklist ${HOME}/.ssh/environment | ||
| 328 | blacklist ${HOME}/.ssh/rc | ||
| 329 | blacklist /etc/hosts.equiv | 325 | blacklist /etc/hosts.equiv |
| 330 | read-only ${HOME}/.ssh/config | ||
| 331 | read-only ${HOME}/.ssh/config.d | ||
| 332 | 326 | ||
| 333 | # Initialization files that allow arbitrary command execution | 327 | # Initialization files that allow arbitrary command execution |
| 334 | read-only ${HOME}/.caffrc | 328 | read-only ${HOME}/.caffrc |
| @@ -536,7 +530,6 @@ blacklist ${PATH}/umount | |||
| 536 | blacklist ${PATH}/unix_chkpwd | 530 | blacklist ${PATH}/unix_chkpwd |
| 537 | blacklist ${PATH}/xev | 531 | blacklist ${PATH}/xev |
| 538 | blacklist ${PATH}/xinput | 532 | blacklist ${PATH}/xinput |
| 539 | # from 0.9.67 | ||
| 540 | blacklist /usr/lib/openssh | 533 | blacklist /usr/lib/openssh |
| 541 | blacklist /usr/lib/ssh | 534 | blacklist /usr/lib/ssh |
| 542 | blacklist /usr/libexec/openssh | 535 | blacklist /usr/libexec/openssh |
| @@ -672,7 +665,7 @@ blacklist ${PATH}/unbound-host | |||
| 672 | 665 | ||
| 673 | # prevent an intruder to guess passwords using regular network tools | 666 | # prevent an intruder to guess passwords using regular network tools |
| 674 | blacklist ${PATH}/ftp | 667 | blacklist ${PATH}/ftp |
| 675 | blacklist ${PATH}/ssh | 668 | blacklist ${PATH}/ssh* |
| 676 | blacklist ${PATH}/telnet | 669 | blacklist ${PATH}/telnet |
| 677 | 670 | ||
| 678 | # rest of ${RUNUSER} | 671 | # rest of ${RUNUSER} |