diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/ids.config | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/etc/ids.config b/etc/ids.config new file mode 100644 index 000000000..7e03841c9 --- /dev/null +++ b/etc/ids.config | |||
@@ -0,0 +1,134 @@ | |||
1 | # /etc/firejail/ids.config - configuration file for Firejail's Intrusion Detection System | ||
2 | # | ||
3 | # Each line is a file or directory name such as | ||
4 | # /usr/bin | ||
5 | # or | ||
6 | # ${HOME}/Desktop/*.desktop | ||
7 | # | ||
8 | # ${HOME} is expanded to user home directory, and * is the regular | ||
9 | # globbing match for zero or more characters. | ||
10 | # | ||
11 | # File or directory names starting with ! are not scanned. For example | ||
12 | # !${HOME}/.ssh/known_hosts | ||
13 | # ${HOME}/.ssh | ||
14 | # will scan all files in ~/.ssh directory with the exception of knonw_hosts | ||
15 | # | ||
16 | # This config file is overwritten when a new version of Firejail is installed. | ||
17 | # For global customization use /etc/firejal/ids.config.local. | ||
18 | |||
19 | include ids.config.local | ||
20 | |||
21 | ### system executables ### | ||
22 | /bin | ||
23 | /sbin | ||
24 | /usr/bin | ||
25 | /usr/sbin | ||
26 | /usr/games | ||
27 | /usr/libexec | ||
28 | |||
29 | ### user executables ### | ||
30 | #/usr/local | ||
31 | #/opt | ||
32 | |||
33 | ### system libraries ### | ||
34 | #/lib | ||
35 | #/usr/lib | ||
36 | #/usr/lib32 | ||
37 | #/usr/lib64 | ||
38 | #/usr/libx32 | ||
39 | |||
40 | ### shells local ### | ||
41 | ${HOME}/.bashrc # bash | ||
42 | ${HOME}/.bash_profile | ||
43 | ${HOME}/.bash_login | ||
44 | ${HOME}/.bash_logout | ||
45 | ${HOME}/.zshenv #zsh | ||
46 | ${HOME}/.zshprofile | ||
47 | ${HOME}/.zshrc | ||
48 | ${HOME}/.zlogin | ||
49 | ${HOME}/.zlogout | ||
50 | ${HOME}/.config/fish/config.fish # fish | ||
51 | ${HOME}/.profile # others | ||
52 | ${HOME}/.login | ||
53 | ${HOME}/.logout | ||
54 | ${HOME}/.cshrc | ||
55 | ${HOME}/.tcshrc | ||
56 | ${HOME}/.kshrc | ||
57 | |||
58 | ### shells global ### | ||
59 | /etc/shells # all | ||
60 | /etc/profile | ||
61 | /etc/profile.d | ||
62 | /etc/environment | ||
63 | /etc/skel | ||
64 | /etc/dircolors | ||
65 | /etc/bash.bashrc # bash | ||
66 | /etc/bash_completion* | ||
67 | /etc/bashrc | ||
68 | /etc/zshenv # zsh | ||
69 | /etc/zprofile | ||
70 | /etc/zshrc | ||
71 | /etc/zlogin | ||
72 | /etc/zlogout | ||
73 | /etc/fish # fish | ||
74 | /etc/complete.tcsh # tcsh | ||
75 | /etc/csh.cshrc | ||
76 | /etc/csh.login | ||
77 | /etc/csh.logout | ||
78 | /etc/ksh.kshrc # ksh | ||
79 | |||
80 | ### X11 ### | ||
81 | ${HOME}/.xsessionrc | ||
82 | ${HOME}/.xsession | ||
83 | ${HOME}/.Xsession | ||
84 | ${HOME}/.xinitrc | ||
85 | ${HOME}/.xprofile | ||
86 | ${HOME}/.xmodmaprc | ||
87 | ${HOME}/.xserverrc | ||
88 | ${HOME}/.Xresurces | ||
89 | /etc/X11 | ||
90 | |||
91 | ### window/desktop manager ### | ||
92 | ${HOME}/.config/autostart | ||
93 | ${HOME}/Desktop/*.desktop | ||
94 | ${HOME}/.config/lxsession/LXDE/autostart | ||
95 | ${HOME}/.gnomerc | ||
96 | ${HOME}/.gtkrc | ||
97 | ${HOME}/.kderc | ||
98 | |||
99 | ### security ### | ||
100 | ${HOME}/.gnupg | ||
101 | ${HOME}/.config/firejail | ||
102 | /etc/apparmor* | ||
103 | /etc/selinux | ||
104 | /etc/security | ||
105 | /etc/group* | ||
106 | /etc/gshadow* | ||
107 | /etc/passwd* | ||
108 | /etc/shadow* | ||
109 | /etc/pam.* | ||
110 | /etc/sudoers* | ||
111 | /etc/securetty | ||
112 | /etc/cracklib | ||
113 | /etc/libaudit.conf | ||
114 | /etc/tripwire | ||
115 | /etc/aide | ||
116 | /etc/chkrootkit.conf | ||
117 | /etc/rkhunter.conf | ||
118 | |||
119 | *** network security *** | ||
120 | /etc/services | ||
121 | /etc/hosts.* | ||
122 | /etc/ssl | ||
123 | /etc/ca-certificates* | ||
124 | /usr/share/ca-certificates | ||
125 | !${HOME}/.ssh/known_hosts # excluding | ||
126 | ${HOME}/.ssh | ||
127 | /etc/ssh | ||
128 | /etc/snort | ||
129 | /etc/wireshark | ||
130 | |||
131 | ### system config ### | ||
132 | /etc/default | ||
133 | /etc/crontab | ||
134 | /etc/cron.* | ||