diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/ids.config | 128 |
1 files changed, 68 insertions, 60 deletions
diff --git a/etc/ids.config b/etc/ids.config index 7e03841c9..09b0ae912 100644 --- a/etc/ids.config +++ b/etc/ids.config | |||
@@ -1,34 +1,32 @@ | |||
1 | # /etc/firejail/ids.config - configuration file for Firejail's Intrusion Detection System | 1 | # /etc/firejail/ids.config - configuration file for Firejail's Intrusion Detection System |
2 | # This config file is overwritten when a new version of Firejail is installed. | ||
3 | # For global customization use /etc/firejail/ids.config.local. | ||
4 | include ids.config.local | ||
2 | # | 5 | # |
3 | # Each line is a file or directory name such as | 6 | # Each line is a file or directory name such as |
4 | # /usr/bin | 7 | # /usr/bin |
5 | # or | 8 | # or |
6 | # ${HOME}/Desktop/*.desktop | 9 | # ${HOME}/Desktop/*.desktop |
7 | # | 10 | # |
8 | # ${HOME} is expanded to user home directory, and * is the regular | 11 | # ${HOME} is expanded to the user's home directory, and * is the regular |
9 | # globbing match for zero or more characters. | 12 | # globbing match for zero or more characters. |
10 | # | 13 | # |
11 | # File or directory names starting with ! are not scanned. For example | 14 | # File or directory names starting with ! are not scanned. For example |
12 | # !${HOME}/.ssh/known_hosts | 15 | # !${HOME}/.ssh/known_hosts |
13 | # ${HOME}/.ssh | 16 | # ${HOME}/.ssh |
14 | # will scan all files in ~/.ssh directory with the exception of knonw_hosts | 17 | # will scan all files in ~/.ssh directory with the exception of known_hosts |
15 | # | ||
16 | # This config file is overwritten when a new version of Firejail is installed. | ||
17 | # For global customization use /etc/firejal/ids.config.local. | ||
18 | |||
19 | include ids.config.local | ||
20 | 18 | ||
21 | ### system executables ### | 19 | ### system executables ### |
22 | /bin | 20 | /bin |
23 | /sbin | 21 | /sbin |
24 | /usr/bin | 22 | /usr/bin |
25 | /usr/sbin | ||
26 | /usr/games | 23 | /usr/games |
27 | /usr/libexec | 24 | /usr/libexec |
25 | /usr/sbin | ||
28 | 26 | ||
29 | ### user executables ### | 27 | ### user executables ### |
30 | #/usr/local | ||
31 | #/opt | 28 | #/opt |
29 | #/usr/local | ||
32 | 30 | ||
33 | ### system libraries ### | 31 | ### system libraries ### |
34 | #/lib | 32 | #/lib |
@@ -38,97 +36,107 @@ include ids.config.local | |||
38 | #/usr/libx32 | 36 | #/usr/libx32 |
39 | 37 | ||
40 | ### shells local ### | 38 | ### shells local ### |
41 | ${HOME}/.bashrc # bash | 39 | # bash |
42 | ${HOME}/.bash_profile | ||
43 | ${HOME}/.bash_login | 40 | ${HOME}/.bash_login |
44 | ${HOME}/.bash_logout | 41 | ${HOME}/.bash_logout |
45 | ${HOME}/.zshenv #zsh | 42 | ${HOME}/.bash_profile |
46 | ${HOME}/.zshprofile | 43 | ${HOME}/.bashrc |
47 | ${HOME}/.zshrc | 44 | # fish |
48 | ${HOME}/.zlogin | 45 | ${HOME}/.config/fish/config.fish |
49 | ${HOME}/.zlogout | 46 | # others |
50 | ${HOME}/.config/fish/config.fish # fish | 47 | ${HOME}/.cshrc |
51 | ${HOME}/.profile # others | 48 | ${HOME}/.kshrc |
52 | ${HOME}/.login | 49 | ${HOME}/.login |
53 | ${HOME}/.logout | 50 | ${HOME}/.logout |
54 | ${HOME}/.cshrc | 51 | ${HOME}/.profile |
55 | ${HOME}/.tcshrc | 52 | ${HOME}/.tcshrc |
56 | ${HOME}/.kshrc | 53 | # zsh |
54 | ${HOME}/.zlogin | ||
55 | ${HOME}/.zlogout | ||
56 | ${HOME}/.zshenv | ||
57 | ${HOME}/.zshprofile | ||
58 | ${HOME}/.zshrc | ||
57 | 59 | ||
58 | ### shells global ### | 60 | ### shells global ### |
59 | /etc/shells # all | 61 | # all |
62 | /etc/dircolors | ||
63 | /etc/environment | ||
60 | /etc/profile | 64 | /etc/profile |
61 | /etc/profile.d | 65 | /etc/profile.d |
62 | /etc/environment | 66 | /etc/shells |
63 | /etc/skel | 67 | /etc/skel |
64 | /etc/dircolors | 68 | # bash |
65 | /etc/bash.bashrc # bash | ||
66 | /etc/bash_completion* | 69 | /etc/bash_completion* |
70 | /etc/bash.bashrc | ||
67 | /etc/bashrc | 71 | /etc/bashrc |
68 | /etc/zshenv # zsh | 72 | # fish |
69 | /etc/zprofile | 73 | /etc/fish |
70 | /etc/zshrc | 74 | # ksh |
71 | /etc/zlogin | 75 | /etc/ksh.kshrc |
72 | /etc/zlogout | 76 | # tcsh |
73 | /etc/fish # fish | 77 | /etc/complete.tcsh |
74 | /etc/complete.tcsh # tcsh | ||
75 | /etc/csh.cshrc | 78 | /etc/csh.cshrc |
76 | /etc/csh.login | 79 | /etc/csh.login |
77 | /etc/csh.logout | 80 | /etc/csh.logout |
78 | /etc/ksh.kshrc # ksh | 81 | # zsh |
82 | /etc/zlogin | ||
83 | /etc/zlogout | ||
84 | /etc/zprofile | ||
85 | /etc/zshenv | ||
86 | /etc/zshrc | ||
79 | 87 | ||
80 | ### X11 ### | 88 | ### X11 ### |
81 | ${HOME}/.xsessionrc | 89 | /etc/X11 |
82 | ${HOME}/.xsession | ||
83 | ${HOME}/.Xsession | ||
84 | ${HOME}/.xinitrc | 90 | ${HOME}/.xinitrc |
85 | ${HOME}/.xprofile | ||
86 | ${HOME}/.xmodmaprc | 91 | ${HOME}/.xmodmaprc |
92 | ${HOME}/.xprofile | ||
93 | ${HOME}/.Xresources | ||
87 | ${HOME}/.xserverrc | 94 | ${HOME}/.xserverrc |
88 | ${HOME}/.Xresurces | 95 | ${HOME}/.Xsession |
89 | /etc/X11 | 96 | ${HOME}/.xsession |
97 | ${HOME}/.xsessionrc | ||
90 | 98 | ||
91 | ### window/desktop manager ### | 99 | ### window/desktop manager ### |
92 | ${HOME}/.config/autostart | ||
93 | ${HOME}/Desktop/*.desktop | 100 | ${HOME}/Desktop/*.desktop |
101 | ${HOME}/.config/autostart | ||
94 | ${HOME}/.config/lxsession/LXDE/autostart | 102 | ${HOME}/.config/lxsession/LXDE/autostart |
95 | ${HOME}/.gnomerc | 103 | ${HOME}/.gnomerc |
96 | ${HOME}/.gtkrc | 104 | ${HOME}/.gtkrc |
97 | ${HOME}/.kderc | 105 | ${HOME}/.kderc |
98 | 106 | ||
99 | ### security ### | 107 | ### security ### |
100 | ${HOME}/.gnupg | 108 | /etc/aide |
101 | ${HOME}/.config/firejail | ||
102 | /etc/apparmor* | 109 | /etc/apparmor* |
103 | /etc/selinux | 110 | /etc/chkrootkit.conf |
104 | /etc/security | 111 | /etc/cracklib |
112 | /etc/libaudit.conf | ||
105 | /etc/group* | 113 | /etc/group* |
106 | /etc/gshadow* | 114 | /etc/gshadow* |
115 | /etc/pam.* | ||
107 | /etc/passwd* | 116 | /etc/passwd* |
117 | /etc/rkhunter* | ||
118 | /etc/securetty | ||
119 | /etc/security | ||
120 | /etc/selinux | ||
108 | /etc/shadow* | 121 | /etc/shadow* |
109 | /etc/pam.* | ||
110 | /etc/sudoers* | 122 | /etc/sudoers* |
111 | /etc/securetty | ||
112 | /etc/cracklib | ||
113 | /etc/libaudit.conf | ||
114 | /etc/tripwire | 123 | /etc/tripwire |
115 | /etc/aide | 124 | ${HOME}/.config/firejail |
116 | /etc/chkrootkit.conf | 125 | ${HOME}/.gnupg |
117 | /etc/rkhunter.conf | ||
118 | 126 | ||
119 | *** network security *** | 127 | ### network security ### |
120 | /etc/services | ||
121 | /etc/hosts.* | ||
122 | /etc/ssl | ||
123 | /etc/ca-certificates* | 128 | /etc/ca-certificates* |
124 | /usr/share/ca-certificates | 129 | /etc/hosts.* |
125 | !${HOME}/.ssh/known_hosts # excluding | 130 | /etc/services |
126 | ${HOME}/.ssh | ||
127 | /etc/ssh | ||
128 | /etc/snort | 131 | /etc/snort |
132 | /etc/ssh | ||
133 | /etc/ssl | ||
129 | /etc/wireshark | 134 | /etc/wireshark |
135 | !${HOME}/.ssh/known_hosts # excluding | ||
136 | ${HOME}/.ssh | ||
137 | /usr/share/ca-certificates | ||
130 | 138 | ||
131 | ### system config ### | 139 | ### system config ### |
132 | /etc/default | ||
133 | /etc/crontab | ||
134 | /etc/cron.* | 140 | /etc/cron.* |
141 | /etc/crontab | ||
142 | /etc/default | ||