aboutsummaryrefslogtreecommitdiffstats
path: root/etc/inc/disable-common.inc
diff options
context:
space:
mode:
Diffstat (limited to 'etc/inc/disable-common.inc')
-rw-r--r--etc/inc/disable-common.inc14
1 files changed, 13 insertions, 1 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 0de539d57..d724e3b52 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -291,7 +291,15 @@ read-only ${HOME}/.zshrc
291read-only ${HOME}/.zshrc.local 291read-only ${HOME}/.zshrc.local
292 292
293# Remote access 293# Remote access
294read-only ${HOME}/.ssh/authorized_keys 294blacklist ${HOME}/.rhosts
295blacklist ${HOME}/.shosts
296blacklist ${HOME}/.ssh/authorized_keys
297blacklist ${HOME}/.ssh/authorized_keys2
298blacklist ${HOME}/.ssh/environment
299blacklist ${HOME}/.ssh/rc
300blacklist /etc/hosts.equiv
301read-only ${HOME}/.ssh/config
302read-only ${HOME}/.ssh/config.d
295 303
296# Initialization files that allow arbitrary command execution 304# Initialization files that allow arbitrary command execution
297read-only ${HOME}/.caffrc 305read-only ${HOME}/.caffrc
@@ -347,6 +355,9 @@ read-only ${HOME}/.local/share/mime
347# Write-protection for thumbnailer dir 355# Write-protection for thumbnailer dir
348read-only ${HOME}/.local/share/thumbnailers 356read-only ${HOME}/.local/share/thumbnailers
349 357
358# prevent access to ssh-agent
359blacklist /tmp/ssh-*
360
350# top secret 361# top secret
351blacklist ${HOME}/*.kdb 362blacklist ${HOME}/*.kdb
352blacklist ${HOME}/*.kdbx 363blacklist ${HOME}/*.kdbx
@@ -393,6 +404,7 @@ blacklist /etc/shadow
393blacklist /etc/shadow+ 404blacklist /etc/shadow+
394blacklist /etc/shadow- 405blacklist /etc/shadow-
395blacklist /etc/ssh 406blacklist /etc/ssh
407blacklist /etc/ssh/*
396blacklist /home/.ecryptfs 408blacklist /home/.ecryptfs
397blacklist /home/.fscrypt 409blacklist /home/.fscrypt
398blacklist /var/backup 410blacklist /var/backup
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-03 06:38:14 +0000