Diffstat (limited to 'etc/inc/disable-common.inc')
-rw-r--r-- | etc/inc/disable-common.inc | 14 |
1 files changed, 13 insertions, 1 deletions
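--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -291,7 +291,15 @@ read-only ${HOME}/.zshrc
 read-only ${HOME}/.zshrc.local
 
 # Remote access
-read-only ${HOME}/.ssh/authorized_keys
+blacklist ${HOME}/.rhosts
+blacklist ${HOME}/.shosts
+blacklist ${HOME}/.ssh/authorized_keys
+blacklist ${HOME}/.ssh/authorized_keys2
+blacklist ${HOME}/.ssh/environment
+blacklist ${HOME}/.ssh/rc
+blacklist /etc/hosts.equiv
+read-only ${HOME}/.ssh/config
+read-only ${HOME}/.ssh/config.d
 
 # Initialization files that allow arbitrary command execution
 read-only ${HOME}/.caffrc
@@ -347,6 +355,9 @@ read-only ${HOME}/.local/share/mime
 # Write-protection for thumbnailer dir
 read-only ${HOME}/.local/share/thumbnailers
 
+# prevent access to ssh-agent
+blacklist /tmp/ssh-*
+
 # top secret
 blacklist ${HOME}/*.kdb
 blacklist ${HOME}/*.kdbx
@@ -393,6 +404,7 @@ blacklist /etc/shadow
 blacklist /etc/shadow+
 blacklist /etc/shadow-
 blacklist /etc/ssh
+blacklist /etc/ssh/*
 blacklist /home/.ecryptfs
 blacklist /home/.fscrypt
 blacklist /var/backup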
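Review bot: The `# prevent access to ssh-agent` comment in the second hunk promises more than `blacklist /tmp/ssh-*` delivers, because the rule only hides agent socket directories that match that one /tmp pattern. An agent whose socket lives elsewhere (a different TMPDIR, or a keyring or gpg-agent socket that SSH_AUTH_SOCK points to) stays reachable from the sandbox, and if the glob is expanded once at sandbox start, so would an agent launched afterwards. I would narrow the comment to `# hide ssh-agent sockets under /tmp/ssh-* (other SSH_AUTH_SOCK locations are not covered)` and handle the remaining locations in a follow-up. In the third hunk, `blacklist /etc/ssh/*` directly after `blacklist /etc/ssh` reads as redundant, so a one-line comment stating why both rules are needed would help the next maintainer.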