Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Merge pull request #1149 from SYN-cook/master | 2017-03-20 | |
|\ | | | | | complete autostart blacklist for KDE | ||
| * | complete autostart blacklist for KDE | 2017-03-19 | |
| | | |||
* | | Handles #1150 | 2017-03-19 | |
|/ | | | | Terminix is being renamed to tilix. This adds ${PATH}/tilix to the blacklisted terminals in disable-common.inc without removing terminix (since there will still be users of terminix). | ||
* | persistent config | 2017-02-09 | |
| | |||
* | profile merges | 2017-01-25 | |
| | |||
* | Prevent tmux connecting to an existing session | 2017-01-22 | |
| | |||
* | profile merges | 2017-01-20 | |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | 2017-01-20 | |
|\ | |||
| * | Merge pull request #1044 from KellerFuchs/disable-path-local | 2017-01-20 | |
| |\ | | | | | | | Make ~/.local read-only | ||
| | * | disable-common: Make ~/.local read-only | 2017-01-12 | |
| | | | |||
| | * | disable-common: Make directories commonly found in $PATH read-only | 2017-01-12 | |
| | | | |||
* | | | Merge branch 'master' of https://github.com/netblue30/firejail | 2017-01-20 | |
|\| | | |||
| * | | Merge pull request #1056 from SYN-cook/master | 2017-01-20 | |
| |\ \ | | | | | | | | | blacklist GNOME keyring and Konqueror | ||
| | * | | blacklist GNOME (and other) keyrings | 2017-01-17 | |
| | | | | | | | | | | | | in .local/share | ||
* | | | | profile merges | 2017-01-20 | |
|/ / / | |||
* | | | Merge pull request #1034 from KellerFuchs/disable-local | 2017-01-11 | |
|\ \ \ | | | | | | | | | etc: Support local customizations in *.inc | ||
| * | | | etc: Support local customizations in *.inc | 2017-01-09 | |
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | This is useful for places, like hashbang.sh, which have site-specific modifications of the *.inc files. With the current setup, the package manager cannot automatically install updated versions of those files, as it would need to somehow merge the site-specific and upstream changes. Having the site-specific changes in separate files solves this. | ||
* | | | Merge pull request #1035 from KellerFuchs/disable-mutt | 2017-01-11 | |
|\ \ \ | |_|/ |/| | | disable-common: Make mutt and msmtp's rc files read-only | ||
| * | | disable-common: Make mutt and msmtp's rc files R/O | 2017-01-10 | |
| |/ | | | | | | | Those allow arbitrary command executions through various mechanisms | ||
* / | hands off bash aliases | 2016-12-27 | |
|/ | | | manipulating aliases means manipulating users (to do things they don't want to do) | ||
* | Merge pull request #979 from curiosity-seeker/master | 2016-12-16 | |
|\ | | | | | Correct skanlite.profile | ||
| * | Update disable-common.inc | 2016-12-15 | |
| | | |||
* | | Add keepassx2 profile | 2016-12-14 | |
|/ | |||
* | remove konsole from the list of restricted terminals in disable-common.inc | 2016-12-08 | |
| | |||
* | Update disable-common.inc | 2016-12-03 | |
| | |||
* | Added profile | 2016-12-03 | |
| | | | Added truecrypt and zuluCrypt | ||
* | blacklisted various program files | 2016-12-01 | |
| | |||
* | xpra fix | 2016-11-29 | |
| | |||
* | ssh fix | 2016-11-24 | |
| | |||
* | completed ecryptfs blacklist | 2016-11-07 | |
| | |||
* | profiles | 2016-11-07 | |
| | |||
* | Blacklist ecryptfs files | 2016-11-06 | |
| | |||
* | minor fixes | 2016-10-26 | |
| | |||
* | resolve conflict | 2016-10-26 | |
|\ | |||
| * | removed ping blacklisting | 2016-10-26 | |
| | | |||
| * | fixes | 2016-10-25 | |
| | | |||
| * | blacklisted kernel files | 2016-10-24 | |
| | | |||
* | | removed blacklist duplate | 2016-10-20 | |
| | | |||
* | | blacklisted common suid programms | 2016-10-19 | |
|/ | |||
* | added muttrc to blacklisted secets | 2016-10-02 | |
| | | | ~/.muttrc, ~/.mutt/muttrc and ~/.msmtprc contain in most cases login credentials of the users mail accounts | ||
* | fixes | 2016-08-20 | |
| | |||
* | New KDE apps and settings path added. | 2016-08-17 | |
| | |||
* | for Issue #637 | 2016-07-18 | |
| | |||
* | disable-common: Blacklist ~/.config/keybase | 2016-07-06 | |
| | | | | This is used by keybase.io's client to store secrets. | ||
* | disable-common: Make ~/.dotfiles and ~/dotfiles RO | 2016-06-18 | |
| | | | | | | Having dotfiles in such a directory, under version control, and symlinking the actual dotfiles to there, is a common-enough practice that I believe should be supported. | ||
* | disable-common: Make ~/.reportbugrc read-only | 2016-06-18 | |
| | | | | | reportbug is a standard Debian tool. Its config file may specify a specific command to use as MTA. | ||
* | disable-common: Make ~/.msmtprc read-only | 2016-06-18 | |
| | | | | | msmtp is a MTA that aims for simplicity and security. ~/.msmtprc may specify commands that are run when sending email. | ||
* | disable-common: Make ~/.emacs.d and ~/.nano read-only | 2016-06-18 | |
| | |||
* | disable-common: Blacklist ~/.smbcredentials | 2016-06-18 | |
| | |||
* | disable-common: Protect caff's files | 2016-06-18 | |
| | | | | | Caff (CA fire & forget) is a popular GnuPG helper for keysigning safely. |