1 files changed, 70 insertions, 26 deletions
diff --git a/README.md b/README.md
index cf9d9563e..ae997fdd2 100644
--- a/README.md
+++ b/README.md
@@ -96,7 +96,7 @@ https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-loca
 Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Artix, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.
-The firejail 0.9.52-LTS version is deprecated. On Ubuntu 18.04 LTS users are advised to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail). On Debian buster we recommend to use the [backports](https://packages.debian.org/buster-backports/firejail) package.
+The firejail 0.9.52-LTS version is deprecated. On Ubuntu 18.04 LTS users are advised to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail). On Debian stable (bullseye) we recommend to use the [backports](https://packages.debian.org/bullseye-backports/firejail) package.
 You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually:
@@ -150,7 +150,7 @@ PulseAudio changes.
 Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers.
 The integration applies to any program supported by default by Firejail. There are about 250 default applications
 in current Firejail version, and the number goes up with every new release.
-We keep the application list in [/usr/lib/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file.
+We keep the application list in [/etc/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file.
 ## Security profiles
@@ -183,34 +183,78 @@ in order to give users a chance to switch their local profiles.
 The latest discussion on this issue is here: https://github.com/netblue30/firejail/issues/4379
 ### Intrusion Detection System ###
-We are adding IDS capabilities in the next release. We have the list of files in [/etc/firejail/ids.config](https://github.com/netblue30/firejail/blob/master/etc/ids.config),
-and we generate a [BLAKE2](https://en.wikipedia.org/wiki/BLAKE_%28hash_function%29) checksum in /var/lib/firejail/username.ids.
-The program runs as regular user, each user has his own file in /var/lib/firejail.
-Initialize the database:
 `````
-$ firejail --ids-init
+      --ids-check
-Loading /etc/firejail/ids.config config file
+              Check  file  hashes previously generated by --ids-check. See IN‐
-500 1000 1500 2000
+              TRUSION DETECTION SYSTEM section for more details.
-2457 files scanned
-IDS database initialized
+              Example:
+              $ firejail --ids-check
+       --ids-init
+              Initialize file hashes. See INTRUSION DETECTION  SYSTEM  section
+              for more details.
+              Example:
+              $ firejail --ids-init
+INTRUSION DETECTION SYSTEM (IDS)
+       The  host-based  intrusion detection system tracks down and audits user
+       and  system  file  modifications.   The  feature  is  configured  using
+       /etc/firejail/ids.config    file,   the   checksums   are   stored   in
+       /var/lib/firejail/USERNAME.ids, where USERNAME is the name of the  cur‐
+       rent user. We use BLAKE2 cryptographic function for hashing.
+       As a regular user, initialize the database:
+       $ firejail --ids-init
+       Opening config file /etc/firejail/ids.config
+       Loading config file /etc/firejail/ids.config
+       Opening config file /etc/firejail/ids.config.local
+       500 1000 1500 2000
+       2466 files scanned
+       IDS database initialized
+       The  default configuration targets several system executables in direc‐
+       tories such as /bin, /sbin, /usr/bin, /usr/sbin, and  several  critical
+       config  files in user home directory such as ~/.bashrc, ~/.xinitrc, and
+       ~/.config/autostart. Several system config files in /etc directory  are
+       also hashed.
+       Run --ids-check to audit the system:
+       $ firejail --ids-check
+       Opening config file /etc/firejail/ids.config
+       Loading config file /etc/firejail/ids.config
+       Opening config file /etc/firejail/ids.config.local
+       500 1000 1500
+       Warning: modified /home/netblue/.bashrc
+       2000
+       2466 files scanned: modified 1, permissions 0, new 0, removed 0
+       The  program  will  print  the  files that have been modified since the
+       database was created, or the files with different  access  permissions.
+       New files and deleted files are also flagged.
+       Currently  while  scanning  the file system symbolic links are not fol‐
+       lowed, and files the user doesn't have  read  access  to  are  silently
+       dropped.   The  program  can  also be run as root (sudo firejail --ids-
+       init/--ids-check).
 `````
-Later, we check it:
+### Deteministic Shutdown
 `````
-$ firejail --ids-check
+      --deterministic-exit-code
-Loading /etc/firejail/ids.config config file
+              Always exit firejail with the first child's exit status. The de‐
-500 1000 1500
+              fault  behavior  is to use the exit status of the final child to
-Warning: modified /home/netblue/.bashrc
+              exit, which can be nondeterministic.
-2000
-2457 files scanned: modified 1, permissions 0, new 0, removed 0
+       --deterministic-shutdown
+              Always shut down the sandbox after the first  child  has  termi‐
+              nated. The default behavior is to keep the sandbox alive as long
+              as it contains running processes.
 `````
-The program will print the files that have been modified since the database was created, or the files with different access permissions.
-New files and deleted files are also flagged.
-Currently while scanning the file system symbolic links are not followed, and files the user doesn't have read access to are silently dropped.
-The program can also be run as root (sudo firejail --ids-init/--ids-check).
 ### Profile Statistics
@@ -248,4 +292,4 @@ $ ./profstats *.profile
 ### New profiles:
 clion-eap, lifeograph, io.github.lainsce.Notejot, rednotebook, zim, microsoft-edge-beta, ncdu2, gallery-dl, yt-dlp, goldendict, bundle,
-cmake, make, meson, pip, codium
+cmake, make, meson, pip, codium, telnet, ftp, OpenStego, imv, retroarch, torbrowser

diff --git a/README.md b/README.md index cf9d9563e..ae997fdd2 100644 --- a/README.md +++ b/README.md
@@ -96,7 +96,7 @@ https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-loca
96		96
97	Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Artix, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.	97	Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Artix, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.
98		98
99	The firejail 0.9.52-LTS version is deprecated. On Ubuntu 18.04 LTS users are advised to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail). On Debian buster we recommend to use the [backports](https://packages.debian.org/buster-backports/firejail) package.	99	The firejail 0.9.52-LTS version is deprecated. On Ubuntu 18.04 LTS users are advised to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail). On Debian stable (bullseye) we recommend to use the [backports](https://packages.debian.org/bullseye-backports/firejail) package.
100		100
101	You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually:	101	You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually:
102		102
@@ -150,7 +150,7 @@ PulseAudio changes.
150	Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers.	150	Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers.
151	The integration applies to any program supported by default by Firejail. There are about 250 default applications	151	The integration applies to any program supported by default by Firejail. There are about 250 default applications
152	in current Firejail version, and the number goes up with every new release.	152	in current Firejail version, and the number goes up with every new release.
153	We keep the application list in [/usr/lib/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file.	153	We keep the application list in [/etc/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file.
154		154
155	## Security profiles	155	## Security profiles
156		156
@@ -183,34 +183,78 @@ in order to give users a chance to switch their local profiles.
183	The latest discussion on this issue is here: https://github.com/netblue30/firejail/issues/4379	183	The latest discussion on this issue is here: https://github.com/netblue30/firejail/issues/4379
184		184
185	### Intrusion Detection System ###	185	### Intrusion Detection System ###
186
187	We are adding IDS capabilities in the next release. We have the list of files in [/etc/firejail/ids.config](https://github.com/netblue30/firejail/blob/master/etc/ids.config),
188	and we generate a [BLAKE2](https://en.wikipedia.org/wiki/BLAKE_%28hash_function%29) checksum in /var/lib/firejail/username.ids.
189	The program runs as regular user, each user has his own file in /var/lib/firejail.
190
191	Initialize the database:
192	`````	186	`````
193	$ firejail --ids-init	187	--ids-check
194	Loading /etc/firejail/ids.config config file	188	Check file hashes previously generated by --ids-check. See IN‐
195	500 1000 1500 2000	189	TRUSION DETECTION SYSTEM section for more details.
196	2457 files scanned	190
197	IDS database initialized	191	Example:
		192	$ firejail --ids-check
		193
		194	--ids-init
		195	Initialize file hashes. See INTRUSION DETECTION SYSTEM section
		196	for more details.
		197
		198	Example:
		199	$ firejail --ids-init
		200
		201	INTRUSION DETECTION SYSTEM (IDS)
		202	The host-based intrusion detection system tracks down and audits user
		203	and system file modifications. The feature is configured using
		204	/etc/firejail/ids.config file, the checksums are stored in
		205	/var/lib/firejail/USERNAME.ids, where USERNAME is the name of the cur‐
		206	rent user. We use BLAKE2 cryptographic function for hashing.
		207
		208	As a regular user, initialize the database:
		209
		210	$ firejail --ids-init
		211	Opening config file /etc/firejail/ids.config
		212	Loading config file /etc/firejail/ids.config
		213	Opening config file /etc/firejail/ids.config.local
		214	500 1000 1500 2000
		215	2466 files scanned
		216	IDS database initialized
		217
		218	The default configuration targets several system executables in direc‐
		219	tories such as /bin, /sbin, /usr/bin, /usr/sbin, and several critical
		220	config files in user home directory such as ~/.bashrc, ~/.xinitrc, and
		221	~/.config/autostart. Several system config files in /etc directory are
		222	also hashed.
		223
		224	Run --ids-check to audit the system:
		225
		226	$ firejail --ids-check
		227	Opening config file /etc/firejail/ids.config
		228	Loading config file /etc/firejail/ids.config
		229	Opening config file /etc/firejail/ids.config.local
		230	500 1000 1500
		231	Warning: modified /home/netblue/.bashrc
		232	2000
		233	2466 files scanned: modified 1, permissions 0, new 0, removed 0
		234
		235	The program will print the files that have been modified since the
		236	database was created, or the files with different access permissions.
		237	New files and deleted files are also flagged.
		238
		239	Currently while scanning the file system symbolic links are not fol‐
		240	lowed, and files the user doesn't have read access to are silently
		241	dropped. The program can also be run as root (sudo firejail --ids-
		242	init/--ids-check).
		243
198	`````	244	`````
199		245
200	Later, we check it:	246	### Deteministic Shutdown
201	`````	247	`````
202	$ firejail --ids-check	248	--deterministic-exit-code
203	Loading /etc/firejail/ids.config config file	249	Always exit firejail with the first child's exit status. The de‐
204	500 1000 1500	250	fault behavior is to use the exit status of the final child to
205	Warning: modified /home/netblue/.bashrc	251	exit, which can be nondeterministic.
206	2000	252
207	2457 files scanned: modified 1, permissions 0, new 0, removed 0	253	--deterministic-shutdown
		254	Always shut down the sandbox after the first child has termi‐
		255	nated. The default behavior is to keep the sandbox alive as long
		256	as it contains running processes.
208	`````	257	`````
209	The program will print the files that have been modified since the database was created, or the files with different access permissions.
210	New files and deleted files are also flagged.
211
212	Currently while scanning the file system symbolic links are not followed, and files the user doesn't have read access to are silently dropped.
213	The program can also be run as root (sudo firejail --ids-init/--ids-check).
214		258
215	### Profile Statistics	259	### Profile Statistics
216		260
@@ -248,4 +292,4 @@ $ ./profstats *.profile
248	### New profiles:	292	### New profiles:
249		293
250	clion-eap, lifeograph, io.github.lainsce.Notejot, rednotebook, zim, microsoft-edge-beta, ncdu2, gallery-dl, yt-dlp, goldendict, bundle,	294	clion-eap, lifeograph, io.github.lainsce.Notejot, rednotebook, zim, microsoft-edge-beta, ncdu2, gallery-dl, yt-dlp, goldendict, bundle,
251	cmake, make, meson, pip, codium	295	cmake, make, meson, pip, codium, telnet, ftp, OpenStego, imv, retroarch, torbrowser