From eb6a65889480d8090e0e4d81e2f79a5c7e23df39 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sun, 27 Mar 2016 10:11:47 -0400
Subject: fixed servers.profile
---
 etc/server.profile | 3 +++
 test/test-root.sh | 37 +++++++++++++++++++------------------
 todo | 2 --
 3 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/etc/server.profile b/etc/server.profile
index dde80bd18..61d10ba64 100644
--- a/etc/server.profile
+++ b/etc/server.profile
@@ -2,6 +2,9 @@
 # it allows /sbin and /usr/sbin directories - this is where servers are installed
 noblacklist /sbin
 noblacklist /usr/sbin
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+
 private
 private-dev
 private-tmp
diff --git a/test/test-root.sh b/test/test-root.sh
index 1c3fc4c96..7e1a0b968 100755
--- a/test/test-root.sh
+++ b/test/test-root.sh
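Review bot: In etc/server.profile the two added `include` lines sit directly below `noblacklist /sbin` and `noblacklist /usr/sbin`, and nothing in the file says that this order matters. A `noblacklist` only exempts a path from blacklist entries that are read after it, so a later edit that moves the includes above those two lines would presumably hide /sbin and /usr/sbin from the sandboxed server again (the contents of disable-common.inc and disable-programs.inc are not visible here). I would add a comment above the includes such as `# keep noblacklist above these includes: it only exempts paths from blacklists read after it`. The profile continues past `private-tmp`, outside this hunk.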
@@ -2,80 +2,81 @@
 ./chk_config.exp
-echo "TESTING: tmpfs"
+echo "TESTING: tmpfs (option_tmpfs.exp)"
 ./option_tmpfs.exp
-echo "TESTING: profile tmpfs"
+echo "TESTING: profile tmpfs (profile_tmpfs)"
 ./profile_tmpfs.exp
-echo "TESTING: network interfaces"
+echo "TESTING: network interfaces (net_interface.exp)"
 ./net_interface.exp
-echo "TESTING: chroot"
+echo "TESTING: chroot (fs_chroot_asroot.exp)"
 ./fs_chroot_asroot.exp
 if [ -f /etc/init.d/snmpd ]
 then
- echo "TESTING: servers snmpd, private-dev"
+ echo "TESTING: servers snmpd, private-dev (servers2.exp)"
 ./servers2.exp
 fi
 if [ -f /etc/init.d/apache2 ]
 then
- echo "TESTING: servers apache2, private-dev, private-tmp"
+ echo "TESTING: servers apache2, private-dev, private-tmp (servers3.exp)"
 ./servers3.exp
 fi
 if [ -f /etc/init.d/isc-dhcp-server ]
 then
- echo "TESTING: servers isc dhcp server, private-dev"
+ echo "TESTING: servers isc dhcp server, private-dev (servers4.exp)"
 ./servers4.exp
 fi
 if [ -f /etc/init.d/unbound ]
 then
- echo "TESTING: servers unbound, private-dev, private-tmp"
+ echo "TESTING: servers unbound, private-dev, private-tmp (servers5.exp)"
 ./servers5.exp
 fi
 if [ -f /etc/init.d/nginx ]
 then
- echo "TESTING: servers nginx, private-dev, private-tmp"
+ echo "TESTING: servers nginx, private-dev, private-tmp (servers6.exp)"
 ./servers6.exp
 fi
-echo "TESTING: /proc/sysrq-trigger reset disabled"
+echo "TESTING: /proc/sysrq-trigger reset disabled (sysrq-trigger.exp)"
 ./sysrq-trigger.exp
-echo "TESTING: seccomp umount"
+echo "TESTING: seccomp umount (seccomp-umount.exp)"
 ./seccomp-umount.exp
-echo "TESTING: seccomp chmod (seccomp lists)"
+echo "TESTING: seccomp chmod (seccomp-chmod.exp)"
 ./seccomp-chmod.exp
-echo "TESTING: seccomp chown (seccomp lists)"
+echo "TESTING: seccomp chown (seccomp-chown.exp)"
 ./seccomp-chown.exp
-echo "TESTING: bind directory"
+echo "TESTING: bind directory (option_bind_directory.exp)"
 ./option_bind_directory.exp
-echo "TESTING: bind file"
+echo "TESTING: bind file (option_bind_file.exp)"
 echo hello > tmpfile
 ./option_bind_file.exp
 rm -f tmpfile
-echo "TESTING: firemon --interface"
+echo "TESTING: firemon --interface (firemon-interface.exp)"
 ./firemon-interface.exp
 if [ -f /sys/fs/cgroup/g1/tasks ]
 then
- echo "TESTING: firemon --cgroup"
+ echo "TESTING: firemon --cgroup (firemon-cgroup.exp)"
 ./firemon-cgroup.exp
 fi
-echo "TESTING: chroot resolv.conf"
+echo "TESTING: chroot resolv.conf (chroot-resolvconf.exp)"
 rm -f tmpfile
 touch tmpfile
+rm -f /tmp/chroot/etc/resolv.conf
 ln -s tmp /tmp/chroot/etc/resolv.conf
 ./chroot-resolvconf.exp
 rm -f tmpfile
diff --git a/todo b/todo
index 4d00229c1..4e7d20e7f 100644
--- a/todo
+++ b/todo
@@ -75,5 +75,3 @@ CapBnd: 0000003fffffffff
 CapAmb: 0000000000000000
 11. cleanup thunderbird profile - disable-common was commented out
-
-12. removed disable_mgmgt.inc form server.profile, replace the information
-- 
cgit v1.2.3-70-g09d2
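Review bot: The added `rm -f /tmp/chroot/etc/resolv.conf` and the `ln -s` after it, in the chroot resolv.conf test of test/test-root.sh, run as root against a fixed path under world-writable /tmp without checking what /tmp/chroot/etc actually is. If that directory is missing, the failure of `ln -s` is ignored and chroot-resolvconf.exp still runs; if another local user created /tmp/chroot first, root's rm and ln act on whatever is there. Guarding the two commands with `[ -d /tmp/chroot/etc ] && [ ! -L /tmp/chroot/etc ] || exit 1` would cover both cases, assuming the chroot tree is meant to be set up by an earlier root step that is not visible in this hunk. Separately, the `profile tmpfs (profile_tmpfs)` label is the only one that drops the `.exp` suffix.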