Diffstat (limited to 'etc/inc/disable-common.inc')
-rw-r--r-- | etc/inc/disable-common.inc | 11 |
1 files changed, 2 insertions, 9 deletions
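--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -319,16 +319,10 @@ read-only ${HOME}/.zshenv
 read-only ${HOME}/.zshrc
 read-only ${HOME}/.zshrc.local
 
-# Remote access
+# Remote access - ${HOME}/.ssh directory blacklisted in top secret section below
 blacklist ${HOME}/.rhosts
 blacklist ${HOME}/.shosts
-blacklist ${HOME}/.ssh/authorized_keys
-blacklist ${HOME}/.ssh/authorized_keys2
-blacklist ${HOME}/.ssh/environment
-blacklist ${HOME}/.ssh/rc
 blacklist /etc/hosts.equiv
-read-only ${HOME}/.ssh/config
-read-only ${HOME}/.ssh/config.d
 
 # Initialization files that allow arbitrary command execution
 read-only ${HOME}/.caffrc
@@ -536,7 +530,6 @@ blacklist ${PATH}/umount
 blacklist ${PATH}/unix_chkpwd
 blacklist ${PATH}/xev
 blacklist ${PATH}/xinput
-# from 0.9.67
 blacklist /usr/lib/openssh
 blacklist /usr/lib/ssh
 blacklist /usr/libexec/openssh
@@ -672,7 +665,7 @@ blacklist ${PATH}/unbound-host
 
 # prevent an intruder to guess passwords using regular network tools
 blacklist ${PATH}/ftp
-blacklist ${PATH}/ssh
+blacklist ${PATH}/ssh*
 blacklist ${PATH}/telnet
 
 # rest of ${RUNUSER}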
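Review bot: Dropping the per-file entries under `# Remote access` leaves `authorized_keys`, `authorized_keys2`, `environment`, `rc` and the client `config`/`config.d` protected only by the directory-level `${HOME}/.ssh` rule that the new comment points to, which is outside these hunks. If a profile lifts that rule with `noblacklist ${HOME}/.ssh` (as profiles for SSH-using programs presumably do), the sandboxed program would gain write access to files that control remote login and command execution on connect, where before they stayed blocked or read-only. I would keep the explicit lines, e.g. `blacklist ${HOME}/.ssh/authorized_keys` and `read-only ${HOME}/.ssh/config`, alongside the directory rule, or confirm that no shipped profile un-blacklists the directory. The `${PATH}/ssh*` glob in the last hunk also deserves a short comment stating what it is meant to cover, since it now matches more than the `ssh` client.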