author | netblue30 <netblue30@protonmail.com> | 2021-07-13 07:26:05 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-07-13 07:26:05 -0400 |
commit | 110a74f094abcb4f2763d76e204fb3c9743fa9a1 (patch) | |
tree | 7f26a41d4095df0f146ac6e30ef0669e439f854b /etc | |
parent | Fix #4396 -- tracelog causes anki to segfault (diff) | |
disable-common.inc update
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/disable-common.inc | 15 |
1 files changed, 15 insertions, 0 deletions
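--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -162,6 +162,9 @@ deny ${HOME}/.local/share/systemd
 deny /var/lib/systemd
 deny ${PATH}/systemd-run
 deny ${RUNUSER}/systemd
+deny ${PATH}/systemctl
+deny /etc/systemd/system
+deny /etc/systemd/network
 # creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf
 #blacklist /var/run/systemd
 
@@ -257,6 +260,18 @@ deny /etc/modules*
 deny /etc/logrotate*
 deny /etc/adduser.conf
 
+# hide config for various intrusion detection systems
+deny /etc/rkhunter.conf
+deny /var/lib/rkhunter
+deny /etc/chkrootkit.conf
+deny /etc/lynis
+deny /etc/aide
+deny /etc/logcheck
+deny /etc/tripwire
+deny /etc/snort
+deny /etc/fail2ban.conf
+deny /etc/suricata
+
 # Startup files
 read-only ${HOME}/.antigen
 read-only ${HOME}/.bash_aliases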
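Review bot: In the new intrusion-detection block, `deny /etc/fail2ban.conf` probably matches nothing on most installs, because fail2ban normally keeps fail2ban.conf, jail.conf and any jail.local overrides inside the /etc/fail2ban directory. The rule should be `deny /etc/fail2ban`, so that the jail and filter definitions are hidden from sandboxed programs as well. The same block covers `/etc/aide` but not the single-file layout some distributions appear to use, so `deny /etc/aide.conf` is worth adding next to it. The header comment could also say why these paths are hidden, for example `# hide IDS config and state so a sandboxed process cannot learn what is being monitored`, which would help maintainers judge later additions.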