Diffstat (limited to 'etc/disable-common.inc')
-rw-r--r--etc/disable-common.inc88
1 files changed, 78 insertions, 10 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index b1133f28f..0dad8b385 100644
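--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -1,6 +1,7 @@
 # History files in $HOME
 blacklist-nolog ${HOME}/.history
 blacklist-nolog ${HOME}/.*_history
+blacklist-nolog ${HOME}/.bash_history
 blacklist ${HOME}/.local/share/systemd
 blacklist-nolog ${HOME}/.adobe
 blacklist-nolog ${HOME}/.macromedia
@@ -14,21 +15,34 @@ blacklist /etc/xdg/autostart
 blacklist ${HOME}/.kde4/Autostart
 blacklist ${HOME}/.kde4/share/autostart
 blacklist ${HOME}/.kde/Autostart
+blacklist ${HOME}/.kde/share/autostart
 blacklist ${HOME}/.config/plasma-workspace/shutdown
 blacklist ${HOME}/.config/plasma-workspace/env
 blacklist ${HOME}/.config/lxsession/LXDE/autostart
 blacklist ${HOME}/.fluxbox/startup
 blacklist ${HOME}/.config/openbox/autostart
 blacklist ${HOME}/.config/openbox/environment
+blacklist ${HOME}/.gnomerc
+blacklist /etc/X11/Xsession.d/
+blacklist ${HOME}/.xpra
 
 # VirtualBox
 blacklist ${HOME}/.VirtualBox
 blacklist ${HOME}/VirtualBox VMs
 blacklist ${HOME}/.config/VirtualBox
 
+# VeraCrypt
+blacklist ${PATH}/veracrypt
+blacklist ${PATH}/veracrypt-uninstall.sh
+blacklist /usr/share/veracrypt
+blacklist /usr/share/applications/veracrypt.*
+blacklist /usr/share/pixmaps/veracrypt.*
+blacklist ${HOME}/.VeraCrypt
+
 # var
 blacklist /var/spool/cron
 blacklist /var/spool/anacron
+blacklist /var/mail
 blacklist /var/run/acpid.socket
 blacklist /var/run/minissdpd.sock
 blacklist /var/run/rpcbind.sock
@@ -39,7 +53,7 @@ blacklist /var/lib/mysql/mysql.sock
 blacklist /var/run/docker.sock
 
 # etc
-blacklist /etc/cron.*
+blacklist /etc/cron*
 blacklist /etc/profile.d
 blacklist /etc/rc.local
 blacklist /etc/anacrontab
@@ -50,11 +64,15 @@ read-only ${HOME}/.xserverrc
 read-only ${HOME}/.profile
 
 # Shell startup files
+read-only ${HOME}/.antigen
 read-only ${HOME}/.bash_login
 read-only ${HOME}/.bashrc
 read-only ${HOME}/.bash_profile
 read-only ${HOME}/.bash_logout
+read-only ${HOME}/.zsh.d
+read-only ${HOME}/.zshenv
 read-only ${HOME}/.zshrc
+read-only ${HOME}/.zshrc.local
 read-only ${HOME}/.zlogin
 read-only ${HOME}/.zprofile
 read-only ${HOME}/.zlogout
@@ -62,8 +80,12 @@ read-only ${HOME}/.zsh_files
 read-only ${HOME}/.tcshrc
 read-only ${HOME}/.cshrc
 read-only ${HOME}/.csh_files
+read-only ${HOME}/.profile
 
 # Initialization files that allow arbitrary command execution
+read-only ${HOME}/.caffrc
+read-only ${HOME}/.dotfiles
+read-only ${HOME}/dotfiles
 read-only ${HOME}/.mailcap
 read-only ${HOME}/.exrc
 read-only ${HOME}/_exrc
@@ -73,10 +95,11 @@ read-only ${HOME}/.gvimrc
 read-only ${HOME}/_gvimrc
 read-only ${HOME}/.vim
 read-only ${HOME}/.emacs
+read-only ${HOME}/.emacs.d
+read-only ${HOME}/.nano
 read-only ${HOME}/.tmux.conf
 read-only ${HOME}/.iscreenrc
-read-only ${HOME}/.muttrc
-read-only ${HOME}/.mutt/muttrc
+read-only ${HOME}/.reportbugrc
 read-only ${HOME}/.xmonad
 read-only ${HOME}/.xscreensaver
 
@@ -84,16 +107,25 @@ read-only ${HOME}/.xscreensaver
 read-only ${HOME}/bin
 
 # top secret
+blacklist ${HOME}/.ecryptfs
+blacklist ${HOME}/.Private
 blacklist ${HOME}/.ssh
+blacklist ${HOME}/.cert
 blacklist ${HOME}/.gnome2/keyrings
-blacklist ${HOME}/kde4/share/apps/kwallet
-blacklist ${HOME}/kde/share/apps/kwallet
+blacklist ${HOME}/.kde4/share/apps/kwallet
+blacklist ${HOME}/.kde/share/apps/kwallet
 blacklist ${HOME}/.local/share/kwalletd
+blacklist ${HOME}/.config/keybase
 blacklist ${HOME}/.netrc
 blacklist ${HOME}/.gnupg
+blacklist ${HOME}/.caff
+blacklist ${HOME}/.smbcredentials
 blacklist ${HOME}/*.kdbx
 blacklist ${HOME}/*.kdb
 blacklist ${HOME}/*.key
+blacklist ${HOME}/.muttrc
+blacklist ${HOME}/.mutt/muttrc
+blacklist ${HOME}/.msmtprc
 blacklist /etc/shadow
 blacklist /etc/gshadow
 blacklist /etc/passwd-
@@ -106,11 +138,19 @@ blacklist /etc/shadow+
 blacklist /etc/gshadow+
 blacklist /etc/ssh
 blacklist /var/backup
+blacklist /home/.ecryptfs
+
+# system directories
+blacklist /sbin
+blacklist /usr/sbin
+blacklist /usr/local/sbin
 
 # system management
 blacklist ${PATH}/umount
 blacklist ${PATH}/mount
 blacklist ${PATH}/fusermount
+blacklist ${PATH}/ntfs-3g
+blacklist ${PATH}/at
 blacklist ${PATH}/su
 blacklist ${PATH}/sudo
 blacklist ${PATH}/xinput
@@ -119,17 +159,45 @@ blacklist ${PATH}/xev
 blacklist ${PATH}/strace
 blacklist ${PATH}/nc
 blacklist ${PATH}/ncat
+blacklist ${PATH}/gpasswd
+blacklist ${PATH}/newgidmap
+blacklist ${PATH}/newgrp
+blacklist ${PATH}/newuidmap
+blacklist ${PATH}/pkexec
+blacklist ${PATH}/sg
+blacklist ${PATH}/rsh
+blacklist ${PATH}/rlogin
+blacklist ${PATH}/rcp
+blacklist ${PATH}/crontab
+blacklist ${PATH}/ksu
+blacklist ${PATH}/chsh
+blacklist ${PATH}/chfn
+blacklist ${PATH}/chage
+blacklist ${PATH}/expiry
+blacklist ${PATH}/unix_chkpwd
+blacklist ${PATH}/procmail
 
-# system directories
-blacklist /sbin
-blacklist /usr/sbin
-blacklist /usr/local/sbin
+# other SUID binaries
+blacklist /usr/lib/virtualbox
 
 # prevent lxterminal connecting to an existing lxterminal session
 blacklist /tmp/.lxterminal-socket*
 
-# disable terminals running as server
+# disable terminals running as server resulting in sandbox escape
 blacklist ${PATH}/gnome-terminal
 blacklist ${PATH}/gnome-terminal.wrapper
 blacklist ${PATH}/xfce4-terminal
 blacklist ${PATH}/xfce4-terminal.wrapper
+blacklist ${PATH}/mate-terminal
+blacklist ${PATH}/mate-terminal.wrapper
+blacklist ${PATH}/lilyterm
+blacklist ${PATH}/pantheon-terminal
+blacklist ${PATH}/roxterm
+blacklist ${PATH}/roxterm-config
+blacklist ${PATH}/terminix
+blacklist ${PATH}/urxvtc
+blacklist ${PATH}/urxvtcd
+
+# kernel files
+blacklist /vmlinuz*
+blacklist /initrd*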
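Review bot: In the "top secret" group the new `blacklist ${HOME}/.mutt/muttrc` covers a single file, while the neighbouring entries (`.ssh`, `.gnupg`, `.caff`) hide whole directories, so anything else kept under `~/.mutt` stays readable inside the sandbox. If the intent is to keep mail credentials out of reach, `blacklist ${HOME}/.mutt` would be the consistent form; whether a mutt profile elsewhere then needs a matching `noblacklist` is not visible from this file. Separately, `read-only ${HOME}/.profile` at new line 83 repeats the entry already at line 64, and `blacklist-nolog ${HOME}/.bash_history` is already matched by the `.*_history` glob one line above it; both look redundant and could be dropped.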