1 files changed, 142 insertions, 0 deletions
diff --git a/etc/ids.config b/etc/ids.config
new file mode 100644
index 000000000..09b0ae912
--- /dev/null
+++ b/etc/ids.config
@@ -0,0 +1,142 @@
+# /etc/firejail/ids.config - configuration file for Firejail's Intrusion Detection System
+# This config file is overwritten when a new version of Firejail is installed.
+# For global customization use /etc/firejail/ids.config.local.
+include ids.config.local
+#
+# Each line is a file or directory name such as
+#       /usr/bin
+# or
+#       ${HOME}/Desktop/*.desktop
+#
+# ${HOME} is expanded to the user's home directory, and * is the regular
+# globbing match for zero or more characters.
+#
+# File or directory names starting with ! are not scanned. For example
+#        !${HOME}/.ssh/known_hosts
+#        ${HOME}/.ssh
+# will scan all files in ~/.ssh directory with the exception of known_hosts
+### system executables ###
+/bin
+/sbin
+/usr/bin
+/usr/games
+/usr/libexec
+/usr/sbin
+### user executables ###
+#/opt
+#/usr/local
+### system libraries ###
+#/lib
+#/usr/lib
+#/usr/lib32
+#/usr/lib64
+#/usr/libx32
+### shells local ###
+# bash
+${HOME}/.bash_login
+${HOME}/.bash_logout
+${HOME}/.bash_profile
+${HOME}/.bashrc
+# fish
+${HOME}/.config/fish/config.fish
+# others
+${HOME}/.cshrc
+${HOME}/.kshrc
+${HOME}/.login
+${HOME}/.logout
+${HOME}/.profile
+${HOME}/.tcshrc
+# zsh
+${HOME}/.zlogin
+${HOME}/.zlogout
+${HOME}/.zshenv
+${HOME}/.zshprofile
+${HOME}/.zshrc
+### shells global ###
+# all
+/etc/dircolors
+/etc/environment
+/etc/profile
+/etc/profile.d
+/etc/shells
+/etc/skel
+# bash
+/etc/bash_completion*
+/etc/bash.bashrc
+/etc/bashrc
+# fish
+/etc/fish
+# ksh
+/etc/ksh.kshrc
+# tcsh
+/etc/complete.tcsh
+/etc/csh.cshrc
+/etc/csh.login
+/etc/csh.logout
+# zsh
+/etc/zlogin
+/etc/zlogout
+/etc/zprofile
+/etc/zshenv
+/etc/zshrc
+### X11 ###
+/etc/X11
+${HOME}/.xinitrc
+${HOME}/.xmodmaprc
+${HOME}/.xprofile
+${HOME}/.Xresources
+${HOME}/.xserverrc
+${HOME}/.Xsession
+${HOME}/.xsession
+${HOME}/.xsessionrc
+### window/desktop manager ###
+${HOME}/Desktop/*.desktop
+${HOME}/.config/autostart
+${HOME}/.config/lxsession/LXDE/autostart
+${HOME}/.gnomerc
+${HOME}/.gtkrc
+${HOME}/.kderc
+### security ###
+/etc/aide
+/etc/apparmor*
+/etc/chkrootkit.conf
+/etc/cracklib
+/etc/libaudit.conf
+/etc/group*
+/etc/gshadow*
+/etc/pam.*
+/etc/passwd*
+/etc/rkhunter*
+/etc/securetty
+/etc/security
+/etc/selinux
+/etc/shadow*
+/etc/sudoers*
+/etc/tripwire
+${HOME}/.config/firejail
+${HOME}/.gnupg
+### network security ###
+/etc/ca-certificates*
+/etc/hosts.*
+/etc/services
+/etc/snort
+/etc/ssh
+/etc/ssl
+/etc/wireshark
+!${HOME}/.ssh/known_hosts # excluding
+${HOME}/.ssh
+/usr/share/ca-certificates
+### system config ###
+/etc/cron.*
+/etc/crontab
+/etc/default

diff --git a/etc/ids.config b/etc/ids.config new file mode 100644 index 000000000..09b0ae912 --- /dev/null +++ b/etc/ids.config
@@ -0,0 +1,142 @@
	1	# /etc/firejail/ids.config - configuration file for Firejail's Intrusion Detection System
	2	# This config file is overwritten when a new version of Firejail is installed.
	3	# For global customization use /etc/firejail/ids.config.local.
	4	include ids.config.local
	5	#
	6	# Each line is a file or directory name such as
	7	# /usr/bin
	8	# or
	9	# ${HOME}/Desktop/*.desktop
	10	#
	11	# ${HOME} is expanded to the user's home directory, and * is the regular
	12	# globbing match for zero or more characters.
	13	#
	14	# File or directory names starting with ! are not scanned. For example
	15	# !${HOME}/.ssh/known_hosts
	16	# ${HOME}/.ssh
	17	# will scan all files in ~/.ssh directory with the exception of known_hosts
	18
	19	### system executables ###
	20	/bin
	21	/sbin
	22	/usr/bin
	23	/usr/games
	24	/usr/libexec
	25	/usr/sbin
	26
	27	### user executables ###
	28	#/opt
	29	#/usr/local
	30
	31	### system libraries ###
	32	#/lib
	33	#/usr/lib
	34	#/usr/lib32
	35	#/usr/lib64
	36	#/usr/libx32
	37
	38	### shells local ###
	39	# bash
	40	${HOME}/.bash_login
	41	${HOME}/.bash_logout
	42	${HOME}/.bash_profile
	43	${HOME}/.bashrc
	44	# fish
	45	${HOME}/.config/fish/config.fish
	46	# others
	47	${HOME}/.cshrc
	48	${HOME}/.kshrc
	49	${HOME}/.login
	50	${HOME}/.logout
	51	${HOME}/.profile
	52	${HOME}/.tcshrc
	53	# zsh
	54	${HOME}/.zlogin
	55	${HOME}/.zlogout
	56	${HOME}/.zshenv
	57	${HOME}/.zshprofile
	58	${HOME}/.zshrc
	59
	60	### shells global ###
	61	# all
	62	/etc/dircolors
	63	/etc/environment
	64	/etc/profile
	65	/etc/profile.d
	66	/etc/shells
	67	/etc/skel
	68	# bash
	69	/etc/bash_completion*
	70	/etc/bash.bashrc
	71	/etc/bashrc
	72	# fish
	73	/etc/fish
	74	# ksh
	75	/etc/ksh.kshrc
	76	# tcsh
	77	/etc/complete.tcsh
	78	/etc/csh.cshrc
	79	/etc/csh.login
	80	/etc/csh.logout
	81	# zsh
	82	/etc/zlogin
	83	/etc/zlogout
	84	/etc/zprofile
	85	/etc/zshenv
	86	/etc/zshrc
	87
	88	### X11 ###
	89	/etc/X11
	90	${HOME}/.xinitrc
	91	${HOME}/.xmodmaprc
	92	${HOME}/.xprofile
	93	${HOME}/.Xresources
	94	${HOME}/.xserverrc
	95	${HOME}/.Xsession
	96	${HOME}/.xsession
	97	${HOME}/.xsessionrc
	98
	99	### window/desktop manager ###
	100	${HOME}/Desktop/*.desktop
	101	${HOME}/.config/autostart
	102	${HOME}/.config/lxsession/LXDE/autostart
	103	${HOME}/.gnomerc
	104	${HOME}/.gtkrc
	105	${HOME}/.kderc
	106
	107	### security ###
	108	/etc/aide
	109	/etc/apparmor*
	110	/etc/chkrootkit.conf
	111	/etc/cracklib
	112	/etc/libaudit.conf
	113	/etc/group*
	114	/etc/gshadow*
	115	/etc/pam.*
	116	/etc/passwd*
	117	/etc/rkhunter*
	118	/etc/securetty
	119	/etc/security
	120	/etc/selinux
	121	/etc/shadow*
	122	/etc/sudoers*
	123	/etc/tripwire
	124	${HOME}/.config/firejail
	125	${HOME}/.gnupg
	126
	127	### network security ###
	128	/etc/ca-certificates*
	129	/etc/hosts.*
	130	/etc/services
	131	/etc/snort
	132	/etc/ssh
	133	/etc/ssl
	134	/etc/wireshark
	135	!${HOME}/.ssh/known_hosts # excluding
	136	${HOME}/.ssh
	137	/usr/share/ca-certificates
	138
	139	### system config ###
	140	/etc/cron.*
	141	/etc/crontab
	142	/etc/default