-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | etc/ids.config | 1 | ||||
-rw-r--r-- | etc/inc/disable-common.inc | 3 | ||||
-rw-r--r-- | src/jailcheck/main.c | 1 |
4 files changed, 6 insertions, 1 deletions
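--- a/Makefile
+++ b/Makefile
@@ -362,7 +362,7 @@ scan-build: clean
 
 .PHONY: codespell
 codespell: clean
-codespell --ignore-regex "UE|creat|shotcut|ether" src test
+codespell --ignore-regex "UE|creat|doas|shotcut|ether" src test
 
 .PHONY: print-env
 print-env: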
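--- a/etc/ids.config
+++ b/etc/ids.config
@@ -139,6 +139,7 @@ ${HOME}/.local/share/autostart
 /etc/security
 /etc/selinux
 /etc/shadow*
+/etc/sudo*.conf
 /etc/sudoers*
 /etc/tripwire
 ${HOME}/.config/firejail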
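Review bot: `/etc/doas.conf` gets no entry in this hunk, although the same commit blacklists it in etc/inc/disable-common.inc alongside the sudo files, so what appears to be the intrusion-detection file list would track changes to the sudo policy but not to the doas policy. Lines above 139 are outside the hunk, so the path may already be listed there; if it is not, add `/etc/doas.conf` in its alphabetical place. A modified doas.conf changes who can become root just as a modified sudoers file does, so both belong in the same watch list.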
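--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -416,6 +416,7 @@ blacklist /tmp/ssh-*
 # top secret
 blacklist /.fscrypt
 blacklist /etc/davfs2/secrets
+blacklist /etc/doas.conf
 blacklist /etc/group+
 blacklist /etc/group-
 blacklist /etc/gshadow
@@ -428,6 +429,8 @@ blacklist /etc/shadow+
 blacklist /etc/shadow-
 blacklist /etc/ssh
 blacklist /etc/ssh/*
+blacklist /etc/sudo*.conf
+blacklist /etc/sudoers*
 blacklist /home/.ecryptfs
 blacklist /home/.fscrypt
 blacklist ${HOME}/*.kdb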
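Review bot: The new `blacklist /etc/doas.conf`, `blacklist /etc/sudo*.conf` and `blacklist /etc/sudoers*` entries only cover policy files that live directly under /etc. A doas or sudo built with a different sysconfdir (for example under /usr/local/etc) would presumably keep its policy readable inside the sandbox. If such builds are in scope, a matching line such as `blacklist /usr/local/etc/doas.conf` is worth adding next to these. Both hunks sit in the middle of the "# top secret" list, which continues outside the visible lines, so an equivalent entry may already exist there.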
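--- a/src/jailcheck/main.c
+++ b/src/jailcheck/main.c
@@ -120,6 +120,7 @@ int main(int argc, char **argv) {
 // basic sysfiles
 sysfiles_setup("/etc/shadow");
 sysfiles_setup("/etc/gshadow");
+sysfiles_setup("/usr/bin/doas");
 sysfiles_setup("/usr/bin/mount");
 sysfiles_setup("/usr/bin/su");
 sysfiles_setup("/usr/bin/ksu");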
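Review bot: Only the doas binary is added to the probe list here, while the policy files this commit blacklists (`/etc/doas.conf`, `/etc/sudoers*`) get no matching probe in the visible lines, so jailcheck would not flag a profile that leaves them readable. If sysfiles_setup takes plain files the way the `/etc/shadow` entry suggests, consider adding `sysfiles_setup("/etc/doas.conf");` and `sysfiles_setup("/etc/sudoers");` beside the shadow entries. main() starts and ends outside the hunk, so such probes may already exist elsewhere. The hard-coded `/usr/bin/doas` also misses installs under another prefix, as the sibling entries do.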