diff options
author | Tad <tad@spotco.us> | 2017-04-16 07:14:01 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2017-04-16 08:12:31 -0400 |
commit | b5f29f9c216615c39e6fe00508ea18a52a2fe88a (patch) | |
tree | c43aea948b2d8e82ea1b157e61bbfcbf92c801fc /etc/ssh.profile | |
parent | doc update (diff) | |
download | firejail-b5f29f9c216615c39e6fe00508ea18a52a2fe88a.tar.gz firejail-b5f29f9c216615c39e6fe00508ea18a52a2fe88a.tar.zst firejail-b5f29f9c216615c39e6fe00508ea18a52a2fe88a.zip |
Harden 9 more profiles
Diffstat (limited to 'etc/ssh.profile')
-rw-r--r-- | etc/ssh.profile | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/etc/ssh.profile b/etc/ssh.profile index b1ef6b27e..425841399 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile | |||
@@ -14,7 +14,18 @@ include /etc/firejail/disable-passwdmgr.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | ||
18 | nogroups | ||
17 | nonewprivs | 19 | nonewprivs |
18 | noroot | 20 | noroot |
21 | nosound | ||
19 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
20 | seccomp | 23 | seccomp |
24 | shell none | ||
25 | tracelog | ||
26 | |||
27 | private-dev | ||
28 | #private-tmp #Breaks when exiting | ||
29 | |||
30 | noexec ${HOME} | ||
31 | noexec /tmp | ||