1 files changed, 134 insertions, 0 deletions
diff --git a/etc/ids.config b/etc/ids.config
new file mode 100644
index 000000000..7e03841c9
--- /dev/null
+++ b/etc/ids.config
@@ -0,0 +1,134 @@
+# /etc/firejail/ids.config - configuration file for Firejail's Intrusion Detection System
+#
+# Each line is a file or directory name such as
+#       /usr/bin
+# or
+#       ${HOME}/Desktop/*.desktop
+#
+# ${HOME} is expanded to user home directory, and * is the regular
+# globbing match for zero or more characters.
+#
+# File or directory names starting with ! are not scanned. For example
+#        !${HOME}/.ssh/known_hosts
+#        ${HOME}/.ssh
+# will scan all files in ~/.ssh directory with the exception of knonw_hosts
+#
+# This config file is overwritten when a new version of Firejail is installed.
+# For global customization use /etc/firejal/ids.config.local.
+include ids.config.local
+### system executables ###
+/bin
+/sbin
+/usr/bin
+/usr/sbin
+/usr/games
+/usr/libexec
+### user executables ###
+#/usr/local
+#/opt
+### system libraries ###
+#/lib
+#/usr/lib
+#/usr/lib32
+#/usr/lib64
+#/usr/libx32
+### shells local ###
+${HOME}/.bashrc         # bash
+${HOME}/.bash_profile
+${HOME}/.bash_login
+${HOME}/.bash_logout
+${HOME}/.zshenv         #zsh
+${HOME}/.zshprofile
+${HOME}/.zshrc
+${HOME}/.zlogin
+${HOME}/.zlogout
+${HOME}/.config/fish/config.fish        # fish
+${HOME}/.profile                # others
+${HOME}/.login
+${HOME}/.logout
+${HOME}/.cshrc
+${HOME}/.tcshrc
+${HOME}/.kshrc
+### shells global ###
+/etc/shells                     # all
+/etc/profile
+/etc/profile.d
+/etc/environment
+/etc/skel
+/etc/dircolors
+/etc/bash.bashrc                # bash
+/etc/bash_completion*
+/etc/bashrc
+/etc/zshenv                     # zsh
+/etc/zprofile
+/etc/zshrc
+/etc/zlogin
+/etc/zlogout
+/etc/fish                       # fish
+/etc/complete.tcsh              # tcsh
+/etc/csh.cshrc
+/etc/csh.login
+/etc/csh.logout
+/etc/ksh.kshrc          # ksh
+### X11 ###
+${HOME}/.xsessionrc
+${HOME}/.xsession
+${HOME}/.Xsession
+${HOME}/.xinitrc
+${HOME}/.xprofile
+${HOME}/.xmodmaprc
+${HOME}/.xserverrc
+${HOME}/.Xresurces
+/etc/X11
+### window/desktop manager ###
+${HOME}/.config/autostart
+${HOME}/Desktop/*.desktop
+${HOME}/.config/lxsession/LXDE/autostart
+${HOME}/.gnomerc
+${HOME}/.gtkrc
+${HOME}/.kderc
+### security ###
+${HOME}/.gnupg
+${HOME}/.config/firejail
+/etc/apparmor*
+/etc/selinux
+/etc/security
+/etc/group*
+/etc/gshadow*
+/etc/passwd*
+/etc/shadow*
+/etc/pam.*
+/etc/sudoers*
+/etc/securetty
+/etc/cracklib
+/etc/libaudit.conf
+/etc/tripwire
+/etc/aide
+/etc/chkrootkit.conf
+/etc/rkhunter.conf
+*** network security ***
+/etc/services
+/etc/hosts.*
+/etc/ssl
+/etc/ca-certificates*
+/usr/share/ca-certificates
+!${HOME}/.ssh/known_hosts       # excluding
+${HOME}/.ssh
+/etc/ssh
+/etc/snort
+/etc/wireshark
+### system config ###
+/etc/default
+/etc/crontab
+/etc/cron.*

diff --git a/etc/ids.config b/etc/ids.config new file mode 100644 index 000000000..7e03841c9 --- /dev/null +++ b/etc/ids.config
@@ -0,0 +1,134 @@
	1	# /etc/firejail/ids.config - configuration file for Firejail's Intrusion Detection System
	2	#
	3	# Each line is a file or directory name such as
	4	# /usr/bin
	5	# or
	6	# ${HOME}/Desktop/*.desktop
	7	#
	8	# ${HOME} is expanded to user home directory, and * is the regular
	9	# globbing match for zero or more characters.
	10	#
	11	# File or directory names starting with ! are not scanned. For example
	12	# !${HOME}/.ssh/known_hosts
	13	# ${HOME}/.ssh
	14	# will scan all files in ~/.ssh directory with the exception of knonw_hosts
	15	#
	16	# This config file is overwritten when a new version of Firejail is installed.
	17	# For global customization use /etc/firejal/ids.config.local.
	18
	19	include ids.config.local
	20
	21	### system executables ###
	22	/bin
	23	/sbin
	24	/usr/bin
	25	/usr/sbin
	26	/usr/games
	27	/usr/libexec
	28
	29	### user executables ###
	30	#/usr/local
	31	#/opt
	32
	33	### system libraries ###
	34	#/lib
	35	#/usr/lib
	36	#/usr/lib32
	37	#/usr/lib64
	38	#/usr/libx32
	39
	40	### shells local ###
	41	${HOME}/.bashrc # bash
	42	${HOME}/.bash_profile
	43	${HOME}/.bash_login
	44	${HOME}/.bash_logout
	45	${HOME}/.zshenv #zsh
	46	${HOME}/.zshprofile
	47	${HOME}/.zshrc
	48	${HOME}/.zlogin
	49	${HOME}/.zlogout
	50	${HOME}/.config/fish/config.fish # fish
	51	${HOME}/.profile # others
	52	${HOME}/.login
	53	${HOME}/.logout
	54	${HOME}/.cshrc
	55	${HOME}/.tcshrc
	56	${HOME}/.kshrc
	57
	58	### shells global ###
	59	/etc/shells # all
	60	/etc/profile
	61	/etc/profile.d
	62	/etc/environment
	63	/etc/skel
	64	/etc/dircolors
	65	/etc/bash.bashrc # bash
	66	/etc/bash_completion*
	67	/etc/bashrc
	68	/etc/zshenv # zsh
	69	/etc/zprofile
	70	/etc/zshrc
	71	/etc/zlogin
	72	/etc/zlogout
	73	/etc/fish # fish
	74	/etc/complete.tcsh # tcsh
	75	/etc/csh.cshrc
	76	/etc/csh.login
	77	/etc/csh.logout
	78	/etc/ksh.kshrc # ksh
	79
	80	### X11 ###
	81	${HOME}/.xsessionrc
	82	${HOME}/.xsession
	83	${HOME}/.Xsession
	84	${HOME}/.xinitrc
	85	${HOME}/.xprofile
	86	${HOME}/.xmodmaprc
	87	${HOME}/.xserverrc
	88	${HOME}/.Xresurces
	89	/etc/X11
	90
	91	### window/desktop manager ###
	92	${HOME}/.config/autostart
	93	${HOME}/Desktop/*.desktop
	94	${HOME}/.config/lxsession/LXDE/autostart
	95	${HOME}/.gnomerc
	96	${HOME}/.gtkrc
	97	${HOME}/.kderc
	98
	99	### security ###
	100	${HOME}/.gnupg
	101	${HOME}/.config/firejail
	102	/etc/apparmor*
	103	/etc/selinux
	104	/etc/security
	105	/etc/group*
	106	/etc/gshadow*
	107	/etc/passwd*
	108	/etc/shadow*
	109	/etc/pam.*
	110	/etc/sudoers*
	111	/etc/securetty
	112	/etc/cracklib
	113	/etc/libaudit.conf
	114	/etc/tripwire
	115	/etc/aide
	116	/etc/chkrootkit.conf
	117	/etc/rkhunter.conf
	118
	119	* network security *
	120	/etc/services
	121	/etc/hosts.*
	122	/etc/ssl
	123	/etc/ca-certificates*
	124	/usr/share/ca-certificates
	125	!${HOME}/.ssh/known_hosts # excluding
	126	${HOME}/.ssh
	127	/etc/ssh
	128	/etc/snort
	129	/etc/wireshark
	130
	131	### system config ###
	132	/etc/default
	133	/etc/crontab
	134	/etc/cron.*