From c8dd81d3fad3dd0007fcbdbea49ed2a6c5ee556c Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Wed, 28 Jul 2021 16:11:52 +0000 Subject: fix grammar --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5fde0b74b..5b12f551b 100644 --- a/README.md +++ b/README.md @@ -229,7 +229,7 @@ Warning: modified /home/netblue/.bashrc The program will print the files that have been modified since the database was created, or the files with different access permissions. New files and deleted files are also flagged. -Currently while scanning the file system symbolic links are not followed, and files the user doesn't have read access are silently dropped. +Currently while scanning the file system symbolic links are not followed, and files the user doesn't have read access to are silently dropped. The program can also be run as root (sudo firejail --ids-init/--ids-check). ### Profile Statistics -- cgit v1.2.3-54-g00ecf From 6e0504feaaed3cffccfb6a91768103d9c7b3c918 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Wed, 28 Jul 2021 16:38:20 +0000 Subject: reordering and fix for ids.config --- etc/ids.config | 124 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 66 insertions(+), 58 deletions(-) diff --git a/etc/ids.config b/etc/ids.config index 7e03841c9..482083ec0 100644 --- a/etc/ids.config +++ b/etc/ids.config @@ -1,34 +1,32 @@ # /etc/firejail/ids.config - configuration file for Firejail's Intrusion Detection System +# This config file is overwritten when a new version of Firejail is installed. +# For global customization use /etc/firejail/ids.config.local. +include ids.config.local # # Each line is a file or directory name such as # /usr/bin # or # ${HOME}/Desktop/*.desktop # -# ${HOME} is expanded to user home directory, and * is the regular +# ${HOME} is expanded to the user's home directory, and * is the regular # globbing match for zero or more characters. # # File or directory names starting with ! are not scanned. For example # !${HOME}/.ssh/known_hosts # ${HOME}/.ssh -# will scan all files in ~/.ssh directory with the exception of knonw_hosts -# -# This config file is overwritten when a new version of Firejail is installed. -# For global customization use /etc/firejal/ids.config.local. - -include ids.config.local +# will scan all files in ~/.ssh directory with the exception of known_hosts ### system executables ### /bin /sbin /usr/bin -/usr/sbin /usr/games /usr/libexec +/usr/sbin ### user executables ### -#/usr/local #/opt +#/usr/local ### system libraries ### #/lib @@ -38,97 +36,107 @@ include ids.config.local #/usr/libx32 ### shells local ### -${HOME}/.bashrc # bash -${HOME}/.bash_profile +# bash ${HOME}/.bash_login ${HOME}/.bash_logout -${HOME}/.zshenv #zsh -${HOME}/.zshprofile -${HOME}/.zshrc -${HOME}/.zlogin -${HOME}/.zlogout -${HOME}/.config/fish/config.fish # fish -${HOME}/.profile # others +${HOME}/.bash_profile +${HOME}/.bashrc +# fish +${HOME}/.config/fish/config.fish +# others +${HOME}/.cshrc +${HOME}/.kshrc ${HOME}/.login ${HOME}/.logout -${HOME}/.cshrc +${HOME}/.profile ${HOME}/.tcshrc -${HOME}/.kshrc +# zsh +${HOME}/.zlogin +${HOME}/.zlogout +${HOME}/.zshenv +${HOME}/.zshprofile +${HOME}/.zshrc ### shells global ### -/etc/shells # all +# all +/etc/dircolors +/etc/environment /etc/profile /etc/profile.d -/etc/environment +/etc/shells /etc/skel -/etc/dircolors -/etc/bash.bashrc # bash +# bash /etc/bash_completion* +/etc/bash.bashrc /etc/bashrc -/etc/zshenv # zsh -/etc/zprofile -/etc/zshrc -/etc/zlogin -/etc/zlogout -/etc/fish # fish -/etc/complete.tcsh # tcsh +# fish +/etc/fish +# ksh +/etc/ksh.kshrc +# tcsh +/etc/complete.tcsh /etc/csh.cshrc /etc/csh.login /etc/csh.logout -/etc/ksh.kshrc # ksh +# zsh +/etc/zlogin +/etc/zlogout +/etc/zprofile +/etc/zshenv +/etc/zshrc ### X11 ### -${HOME}/.xsessionrc -${HOME}/.xsession -${HOME}/.Xsession ${HOME}/.xinitrc -${HOME}/.xprofile ${HOME}/.xmodmaprc +${HOME}/.xprofile +${HOME}/.Xresources ${HOME}/.xserverrc -${HOME}/.Xresurces +${HOME}/.Xsession +${HOME}/.xsession +${HOME}/.xsessionrc /etc/X11 ### window/desktop manager ### -${HOME}/.config/autostart ${HOME}/Desktop/*.desktop +${HOME}/.config/autostart ${HOME}/.config/lxsession/LXDE/autostart ${HOME}/.gnomerc ${HOME}/.gtkrc ${HOME}/.kderc ### security ### -${HOME}/.gnupg ${HOME}/.config/firejail +${HOME}/.gnupg +/etc/aide /etc/apparmor* -/etc/selinux -/etc/security +/etc/chkrootkit.conf +/etc/cracklib +/etc/libaudit.conf /etc/group* /etc/gshadow* +/etc/pam.* /etc/passwd* +/etc/rkhunter* +/etc/securetty +/etc/security +/etc/selinux /etc/shadow* -/etc/pam.* /etc/sudoers* -/etc/securetty -/etc/cracklib -/etc/libaudit.conf /etc/tripwire -/etc/aide -/etc/chkrootkit.conf -/etc/rkhunter.conf -*** network security *** -/etc/services -/etc/hosts.* -/etc/ssl -/etc/ca-certificates* -/usr/share/ca-certificates -!${HOME}/.ssh/known_hosts # excluding +### network security ### +!${HOME}/.ssh/known_hosts # excluding ${HOME}/.ssh -/etc/ssh +/etc/ca-certificates* +/etc/hosts.* +/etc/services /etc/snort +/etc/ssh +/etc/ssl /etc/wireshark +/usr/share/ca-certificates ### system config ### -/etc/default -/etc/crontab /etc/cron.* +/etc/crontab +/etc/default -- cgit v1.2.3-54-g00ecf From 4e373a8a7f142ec03d83a84451165c1c5756bbcd Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Wed, 28 Jul 2021 16:40:43 +0000 Subject: improved reordening for ids.config --- etc/ids.config | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/etc/ids.config b/etc/ids.config index 482083ec0..09b0ae912 100644 --- a/etc/ids.config +++ b/etc/ids.config @@ -86,6 +86,7 @@ ${HOME}/.zshrc /etc/zshrc ### X11 ### +/etc/X11 ${HOME}/.xinitrc ${HOME}/.xmodmaprc ${HOME}/.xprofile @@ -94,7 +95,6 @@ ${HOME}/.xserverrc ${HOME}/.Xsession ${HOME}/.xsession ${HOME}/.xsessionrc -/etc/X11 ### window/desktop manager ### ${HOME}/Desktop/*.desktop @@ -105,8 +105,6 @@ ${HOME}/.gtkrc ${HOME}/.kderc ### security ### -${HOME}/.config/firejail -${HOME}/.gnupg /etc/aide /etc/apparmor* /etc/chkrootkit.conf @@ -123,10 +121,10 @@ ${HOME}/.gnupg /etc/shadow* /etc/sudoers* /etc/tripwire +${HOME}/.config/firejail +${HOME}/.gnupg ### network security ### -!${HOME}/.ssh/known_hosts # excluding -${HOME}/.ssh /etc/ca-certificates* /etc/hosts.* /etc/services @@ -134,6 +132,8 @@ ${HOME}/.ssh /etc/ssh /etc/ssl /etc/wireshark +!${HOME}/.ssh/known_hosts # excluding +${HOME}/.ssh /usr/share/ca-certificates ### system config ### -- cgit v1.2.3-54-g00ecf