From 24c11634594842c222367299a748a38bd4dd8ff3 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Thu, 2 Jan 2020 21:13:38 +0000
Subject: Extra hardening for wget

---
 etc/wget.profile | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/etc/wget.profile b/etc/wget.profile
index c034a3f0e..5b1ba6202 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -7,13 +7,20 @@ include wget.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.netrc
 noblacklist ${HOME}/.wget-hsts
 noblacklist ${HOME}/.wgetrc
 
+blacklist /tmp/.X11-unix
+
 include disable-common.inc
+include disable-devel.inc
 include disable-exec.inc
+include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+# depending on workflow you can uncomment the below or put 'include disable-xdg.inc' in your wget.local
+include disable-xdg.inc
 
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
@@ -21,6 +28,7 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 machine-id
+nodbus
 netfilter
 no3d
 nodvd
@@ -36,9 +44,13 @@ seccomp
 shell none
 tracelog
 
-# private-bin wget
+private-bin wget
+private-cache
 private-dev
-# private-etc alternatives,ca-certificates,crypto-policie,pki,resolv.conf,ssl
+
+
+# depending on workflow you can uncomment the below or put this private-etc in your wget.local
+#private-etc alternatives,ca-certificates,crypto-policie,pki,resolv.conf,ssl,wgetrc
 # private-tmp
 
 memory-deny-write-execute
-- 
cgit v1.2.3-54-g00ecf
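Review bot: The comment added above `include disable-xdg.inc` in the first hunk tells the user to uncomment the line, but the line is added active, so the comment and the profile disagree. With the include on by default, the XDG user directories are presumably blocked (the include's contents are not visible here), which would stop wget from saving into a downloads folder unless the user overrides it. Either ship it as `#include disable-xdg.inc` to match the comment, or keep it active and reword the comment to `# blocks the XDG user directories; override in wget.local if you download into them`. The same hunk un-blacklists `${HOME}/.netrc`, which holds stored credentials, so a one-line comment such as `# .netrc is read for HTTP/FTP authentication` would record why the exception exists.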
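Review bot: The rewritten `#private-etc` line in the last hunk still spells `crypto-policie`, so anyone who follows the new comment and enables it would get an /etc without the `crypto-policies` directory, which TLS libraries on some distributions read for their protocol and cipher settings. Suggested line: `#private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,wgetrc`. The two empty lines added after `private-dev` look accidental and could be dropped. `private-bin wget` is now enabled unconditionally while the matching `private-etc` stays optional; if any supported wget option launches a helper program, it would not be found in the sandbox, which may deserve a comment next to the line.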