From 2b37849dbdc1e7be2fac0756a39de8e54b40ae2c Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Fri, 30 Oct 2015 08:55:25 -0400
Subject: Protect shell startup files

---
 etc/disable-common.inc | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

(limited to 'etc/disable-common.inc')

diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index ece906717..87a979034 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -76,3 +76,36 @@ blacklist /etc/profile.d
 blacklist /etc/rc.local
 blacklist /etc/anacrontab
 
+# General startup files
+read-only ${HOME}/.xinitrc
+read-only ${HOME}/.xserverrc
+read-only ${HOME}/.profile
+
+# Shell startup files
+read-only ${HOME}/.bash_login
+read-only ${HOME}/.bashrc
+read-only ${HOME}/.bash_profile
+read-only ${HOME}/.bash_logout
+read-only ${HOME}/.zshrc
+read-only ${HOME}/.zlogin
+read-only ${HOME}/.zprofile
+read-only ${HOME}/.zlogout
+read-only ${HOME}/.zsh_files
+read-only ${HOME}/.tcshrc
+read-only ${HOME}/.cshrc
+read-only ${HOME}/.csh_files
+
+# Initialization files that allow arbitrary command execution
+read-only ${HOME}/.mailcap
+read-only ${HOME}/.exrc
+read-only ${HOME}/.vimrc
+read-only ${HOME}/.vim
+read-only ${HOME}/.emacs
+read-only ${HOME}/.tmux.conf
+read-only ${HOME}/.iscreenrc
+read-only ${HOME}/.muttrc
+read-only ${HOME}/.xmonad
+
+# The user ~/bin directory can override commands such as ls
+read-only ${HOME}/bin
+
-- 
cgit v1.2.3-70-g09d2