Diffstat (limited to 'etc/disable-common.inc')
-rw-r--r--etc/disable-common.inc102
1 files changed, 92 insertions, 10 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index b1133f28f..b86c6f998 100644
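--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -1,6 +1,7 @@
 # History files in $HOME
 blacklist-nolog ${HOME}/.history
 blacklist-nolog ${HOME}/.*_history
+blacklist-nolog ${HOME}/.bash_history
 blacklist ${HOME}/.local/share/systemd
 blacklist-nolog ${HOME}/.adobe
 blacklist-nolog ${HOME}/.macromedia
@@ -14,21 +15,48 @@ blacklist /etc/xdg/autostart
 blacklist ${HOME}/.kde4/Autostart
 blacklist ${HOME}/.kde4/share/autostart
 blacklist ${HOME}/.kde/Autostart
+blacklist ${HOME}/.kde/share/autostart
 blacklist ${HOME}/.config/plasma-workspace/shutdown
 blacklist ${HOME}/.config/plasma-workspace/env
 blacklist ${HOME}/.config/lxsession/LXDE/autostart
 blacklist ${HOME}/.fluxbox/startup
 blacklist ${HOME}/.config/openbox/autostart
 blacklist ${HOME}/.config/openbox/environment
+blacklist ${HOME}/.gnomerc
+blacklist /etc/X11/Xsession.d/
+# blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs
 
 # VirtualBox
 blacklist ${HOME}/.VirtualBox
 blacklist ${HOME}/VirtualBox VMs
 blacklist ${HOME}/.config/VirtualBox
 
+# VeraCrypt
+blacklist ${PATH}/veracrypt
+blacklist ${PATH}/veracrypt-uninstall.sh
+blacklist /usr/share/veracrypt
+blacklist /usr/share/applications/veracrypt.*
+blacklist /usr/share/pixmaps/veracrypt.*
+blacklist ${HOME}/.VeraCrypt
+
+# TrueCrypt
+blacklist ${PATH}/truecrypt
+blacklist ${PATH}/truecrypt-uninstall.sh
+blacklist /usr/share/truecrypt
+blacklist /usr/share/applications/truecrypt.*
+blacklist /usr/share/pixmaps/truecrypt.*
+blacklist ${HOME}/.TrueCrypt
+
+# zuluCrypt
+blacklist ${HOME}/.zuluCrypt
+blacklist ${HOME}/.zuluCrypt-socket
+blacklist ${PATH}/zuluCrypt-cli
+blacklist ${PATH}/zuluMount-cli
+
 # var
 blacklist /var/spool/cron
 blacklist /var/spool/anacron
+blacklist /var/mail
 blacklist /var/run/acpid.socket
 blacklist /var/run/minissdpd.sock
 blacklist /var/run/rpcbind.sock
@@ -39,7 +67,7 @@ blacklist /var/lib/mysql/mysql.sock
 blacklist /var/run/docker.sock
 
 # etc
-blacklist /etc/cron.*
+blacklist /etc/cron*
 blacklist /etc/profile.d
 blacklist /etc/rc.local
 blacklist /etc/anacrontab
@@ -50,11 +78,15 @@ read-only ${HOME}/.xserverrc
 read-only ${HOME}/.profile
 
 # Shell startup files
+read-only ${HOME}/.antigen
 read-only ${HOME}/.bash_login
 read-only ${HOME}/.bashrc
 read-only ${HOME}/.bash_profile
 read-only ${HOME}/.bash_logout
+read-only ${HOME}/.zsh.d
+read-only ${HOME}/.zshenv
 read-only ${HOME}/.zshrc
+read-only ${HOME}/.zshrc.local
 read-only ${HOME}/.zlogin
 read-only ${HOME}/.zprofile
 read-only ${HOME}/.zlogout
@@ -62,8 +94,12 @@ read-only ${HOME}/.zsh_files
 read-only ${HOME}/.tcshrc
 read-only ${HOME}/.cshrc
 read-only ${HOME}/.csh_files
+read-only ${HOME}/.profile
 
 # Initialization files that allow arbitrary command execution
+read-only ${HOME}/.caffrc
+read-only ${HOME}/.dotfiles
+read-only ${HOME}/dotfiles
 read-only ${HOME}/.mailcap
 read-only ${HOME}/.exrc
 read-only ${HOME}/_exrc
@@ -73,10 +109,11 @@ read-only ${HOME}/.gvimrc
 read-only ${HOME}/_gvimrc
 read-only ${HOME}/.vim
 read-only ${HOME}/.emacs
+read-only ${HOME}/.emacs.d
+read-only ${HOME}/.nano
 read-only ${HOME}/.tmux.conf
 read-only ${HOME}/.iscreenrc
-read-only ${HOME}/.muttrc
-read-only ${HOME}/.mutt/muttrc
+read-only ${HOME}/.reportbugrc
 read-only ${HOME}/.xmonad
 read-only ${HOME}/.xscreensaver
 
@@ -84,16 +121,25 @@ read-only ${HOME}/.xscreensaver
 read-only ${HOME}/bin
 
 # top secret
+blacklist ${HOME}/.ecryptfs
+blacklist ${HOME}/.Private
 blacklist ${HOME}/.ssh
+blacklist ${HOME}/.cert
 blacklist ${HOME}/.gnome2/keyrings
-blacklist ${HOME}/kde4/share/apps/kwallet
-blacklist ${HOME}/kde/share/apps/kwallet
+blacklist ${HOME}/.kde4/share/apps/kwallet
+blacklist ${HOME}/.kde/share/apps/kwallet
 blacklist ${HOME}/.local/share/kwalletd
+blacklist ${HOME}/.config/keybase
 blacklist ${HOME}/.netrc
 blacklist ${HOME}/.gnupg
+blacklist ${HOME}/.caff
+blacklist ${HOME}/.smbcredentials
 blacklist ${HOME}/*.kdbx
 blacklist ${HOME}/*.kdb
 blacklist ${HOME}/*.key
+blacklist ${HOME}/.muttrc
+blacklist ${HOME}/.mutt/muttrc
+blacklist ${HOME}/.msmtprc
 blacklist /etc/shadow
 blacklist /etc/gshadow
 blacklist /etc/passwd-
@@ -106,11 +152,19 @@ blacklist /etc/shadow+
 blacklist /etc/gshadow+
 blacklist /etc/ssh
 blacklist /var/backup
+blacklist /home/.ecryptfs
+
+# system directories
+blacklist /sbin
+blacklist /usr/sbin
+blacklist /usr/local/sbin
 
 # system management
 blacklist ${PATH}/umount
 blacklist ${PATH}/mount
 blacklist ${PATH}/fusermount
+blacklist ${PATH}/ntfs-3g
+blacklist ${PATH}/at
 blacklist ${PATH}/su
 blacklist ${PATH}/sudo
 blacklist ${PATH}/xinput
@@ -119,17 +173,45 @@ blacklist ${PATH}/xev
 blacklist ${PATH}/strace
 blacklist ${PATH}/nc
 blacklist ${PATH}/ncat
+blacklist ${PATH}/gpasswd
+blacklist ${PATH}/newgidmap
+blacklist ${PATH}/newgrp
+blacklist ${PATH}/newuidmap
+blacklist ${PATH}/pkexec
+blacklist ${PATH}/sg
+blacklist ${PATH}/crontab
+blacklist ${PATH}/ksu
+blacklist ${PATH}/chsh
+blacklist ${PATH}/chfn
+blacklist ${PATH}/chage
+blacklist ${PATH}/expiry
+blacklist ${PATH}/unix_chkpwd
+blacklist ${PATH}/procmail
+blacklist ${PATH}/mount.ecryptfs_private
 
-# system directories
-blacklist /sbin
-blacklist /usr/sbin
-blacklist /usr/local/sbin
+# other SUID binaries
+blacklist /usr/lib/virtualbox
 
 # prevent lxterminal connecting to an existing lxterminal session
 blacklist /tmp/.lxterminal-socket*
 
-# disable terminals running as server
+# disable terminals running as server resulting in sandbox escape
 blacklist ${PATH}/gnome-terminal
 blacklist ${PATH}/gnome-terminal.wrapper
 blacklist ${PATH}/xfce4-terminal
 blacklist ${PATH}/xfce4-terminal.wrapper
+blacklist ${PATH}/mate-terminal
+blacklist ${PATH}/mate-terminal.wrapper
+blacklist ${PATH}/lilyterm
+blacklist ${PATH}/pantheon-terminal
+blacklist ${PATH}/roxterm
+blacklist ${PATH}/roxterm-config
+blacklist ${PATH}/terminix
+blacklist ${PATH}/urxvtc
+blacklist ${PATH}/urxvtcd
+#konsole doesn't seem to have this problem - last tested on Ubuntu 16.04
+#blacklist ${PATH}/konsole
+
+# kernel files
+blacklist /vmlinuz*
+blacklist /initrd*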
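Review bot: The terminal block in the last hunk is an enumerated denylist, so a server-mode terminal that is not named stays reachable from inside the sandbox, and the konsole exemption rests on one test ("last tested on Ubuntu 16.04") with no konsole version recorded. I would expand the heading so the next maintainer knows what to test a new terminal for, e.g. `# these terminals hand new windows to a server process already running outside the sandbox`, and add the tested konsole version next to the commented-out rule. The lxterminal entry just above blocks the socket rather than the binary; whether the newly listed terminals expose a comparable endpoint that should also be covered is not visible here and is worth checking. Separately, the added `read-only ${HOME}/.profile` under "Shell startup files" duplicates the rule that already appears as the first context line of the `@@ -50,11 +78,15 @@` hunk and can be dropped.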