From b53b92cb0d21ca137b340c3d9a47a53d6cb00c45 Mon Sep 17 00:00:00 2001
From: valoq
Date: Wed, 19 Oct 2016 18:09:30 +0200
Subject: blacklisted common suid programms
---
 etc/disable-common.inc | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 4f854c8d8..506d4e258 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -172,3 +172,29 @@ blacklist ${PATH}/roxterm-config
 blacklist ${PATH}/terminix
 blacklist ${PATH}/urxvtc
 blacklist ${PATH}/urxvtcd
+
+# disable common suid programms
+blacklist ${PATH}/firejail
+blacklist ${PATH}/sudo
+blacklist ${PATH}/su
+blacklist ${PATH}/mount
+blacklist ${PATH}/umount
+blacklist ${PATH}/fusermount
+blacklist ${PATH}/passwd
+blacklist ${PATH}/gpasswd
+blacklist ${PATH}/newgidmap
+blacklist ${PATH}/newgrp
+blacklist ${PATH}/newuidmap
+blacklist ${PATH}/pkexec
+blacklist ${PATH}/sg
+blacklist ${PATH}/rsh
+blacklist ${PATH}/rlogin
+blacklist ${PATH}/rcp
+blacklist ${PATH}/crontab
+blacklist ${PATH}/ksu
+blacklist ${PATH}/chsh
+blacklist ${PATH}/chfn
+blacklist ${PATH}/chage
+blacklist ${PATH}/expiry
+blacklist ${PATH}/ping
+blacklist ${PATH}/unix_chkpwd
-- cgit v1.2.3-54-g00ecf
From 287dc95bac1abce140459a7ecd0213833626b800 Mon Sep 17 00:00:00 2001
From: valoq
Date: Thu, 20 Oct 2016 15:47:34 +0200
Subject: removed blacklist duplate
---
 etc/disable-common.inc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 506d4e258..19a23d764 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
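Review bot: The `# disable common suid programms` block added in the `@@ -172,3 +172,29 @@` hunk is a denylist by file name, so any setuid binary that is not on it remains visible inside the sandbox, and the header comment does not tell a profile author that. I would word the header as `# best-effort: hide common setuid binaries; profiles must still use caps.drop all and nonewprivs`, and spell it `programs`. The block also lists `sudo`, `su`, `mount`, `umount` and `fusermount`, which, judging by the follow-up patch on this page, were already under `# system management`; keeping each path in one section avoids the two lists drifting apart.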
@@ -138,11 +138,11 @@ blacklist /etc/ssh
 blacklist /var/backup
 
 # system management
-blacklist ${PATH}/umount
-blacklist ${PATH}/mount
-blacklist ${PATH}/fusermount
-blacklist ${PATH}/su
-blacklist ${PATH}/sudo
+# blacklist ${PATH}/umount
+# blacklist ${PATH}/mount
+# blacklist ${PATH}/fusermount
+# blacklist ${PATH}/su
+# blacklist ${PATH}/sudo
 blacklist ${PATH}/xinput
 blacklist ${PATH}/evtest
 blacklist ${PATH}/xev
-- cgit v1.2.3-54-g00ecf
From ef0b9705614d061f6e974155fa1799964bc313ee Mon Sep 17 00:00:00 2001
From: valoq
Date: Wed, 26 Oct 2016 18:10:30 +0200
Subject: minor fixes
---
 etc/disable-common.inc | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 82398473d..38a8b86d6 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -1,6 +1,7 @@
 # History files in $HOME
 blacklist-nolog ${HOME}/.history
 blacklist-nolog ${HOME}/.*_history
+blacklist-nolog ${HOME}/.bash_history
 blacklist ${HOME}/.local/share/systemd
 blacklist-nolog ${HOME}/.adobe
 blacklist-nolog ${HOME}/.macromedia
@@ -23,6 +24,7 @@ blacklist ${HOME}/.config/openbox/autostart
 blacklist ${HOME}/.config/openbox/environment
 blacklist ${HOME}/.gnomerc
 blacklist /etc/X11/Xsession.d/
+blacklist ${HOME}/.xpra
 
 # VirtualBox
 blacklist ${HOME}/.VirtualBox
@@ -96,9 +98,6 @@ read-only ${HOME}/.emacs.d
 read-only ${HOME}/.nano
 read-only ${HOME}/.tmux.conf
 read-only ${HOME}/.iscreenrc
-read-only ${HOME}/.muttrc
-read-only ${HOME}/.mutt/muttrc
-read-only ${HOME}/.msmtprc
 read-only ${HOME}/.reportbugrc
 read-only ${HOME}/.xmonad
 read-only ${HOME}/.xscreensaver
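Review bot: The five entries under `# system management` in the `@@ -138,11 +138,11 @@` hunk are commented out rather than deleted, which leaves dead `# blacklist ${PATH}/…` lines that read like switched-off protections and are easy to re-enable by accident. Delete them, or replace them with a single pointer such as `# umount, mount, fusermount, su, sudo: covered by the suid list at the end of this file`. Without that, someone auditing this section cannot tell from here whether those binaries are still hidden from the sandbox.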
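Review bot: The added `blacklist-nolog ${HOME}/.bash_history` in the `@@ -1,6 +1,7 @@` hunk of "minor fixes" looks redundant, because the context line directly above it, `blacklist-nolog ${HOME}/.*_history`, already matches that file name. If the literal entry covers a case the glob does not, record it in a comment, for example `# explicit entry: <reason the glob is not enough>`. Otherwise drop the line so the history rules stay minimal and easy to audit.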
@@ -143,11 +142,11 @@ blacklist /usr/sbin
 blacklist /usr/local/sbin
 
 # system management
-# blacklist ${PATH}/umount
-# blacklist ${PATH}/mount
-# blacklist ${PATH}/fusermount
-# blacklist ${PATH}/su
-# blacklist ${PATH}/sudo
+blacklist ${PATH}/umount
+blacklist ${PATH}/mount
+blacklist ${PATH}/fusermount
+blacklist ${PATH}/su
+blacklist ${PATH}/sudo
 blacklist ${PATH}/xinput
 blacklist ${PATH}/evtest
 blacklist ${PATH}/xev
-- cgit v1.2.3-54-g00ecf
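Review bot: The five re-enabled `blacklist ${PATH}/…` lines under `# system management` probably duplicate the suid list that an earlier patch on this page appended to the end of the file, and the subject "minor fixes" gives no reason for undoing the de-duplication. If that suid block is still present at this revision (it is not visible in this hunk), `umount`, `mount`, `fusermount`, `su` and `sudo` are each blacklisted twice, so a later edit to one list can silently diverge from the other. Keep the entries in one section and mark it with a comment such as `# su/sudo/mount/umount/fusermount are listed once, here`.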