# /etc/firejail/ids.config - configuration file for Firejail's Intrusion Detection System # This config file is overwritten when a new version of Firejail is installed. # For global customization use /etc/firejail/ids.config.local. include ids.config.local # # Each line is a file or directory name such as # /usr/bin # or # ${HOME}/Desktop/*.desktop # # ${HOME} is expanded to the user's home directory, and * is the regular # globbing match for zero or more characters. # # File or directory names starting with ! are not scanned. For example # !${HOME}/.ssh/known_hosts # ${HOME}/.ssh # will scan all files in ~/.ssh directory with the exception of known_hosts ### system executables ### /bin /sbin /usr/bin /usr/games /usr/libexec /usr/sbin ### user executables ### #/opt #/usr/local ### system libraries ### #/lib #/usr/lib #/usr/lib32 #/usr/lib64 #/usr/libx32 ### shells local ### # bash ${HOME}/.bash_aliases ${HOME}/.bash_login ${HOME}/.bash_logout ${HOME}/.bash_profile ${HOME}/.bashrc # fish ${HOME}/.config/fish/config.fish # others ${HOME}/.cshrc ${HOME}/.kshrc ${HOME}/.login ${HOME}/.logout ${HOME}/.profile ${HOME}/.tcshrc # zsh ${HOME}/.zlogin ${HOME}/.zlogout ${HOME}/.zshenv ${HOME}/.zshprofile ${HOME}/.zshrc # Note: This list should be kept in sync with the one in inc/disable-shell.inc. ### shells global ### # all /etc/dircolors /etc/environment /etc/profile /etc/profile.d /etc/shells /etc/skel # bash /etc/bash /etc/bash.bashrc /etc/bash_completion* /etc/bashrc # fish /etc/fish # ksh /etc/ksh.kshrc /etc/suid_profile # tcsh /etc/complete.tcsh /etc/csh.cshrc /etc/csh.login /etc/csh.logout # zsh /etc/zlogin /etc/zlogout /etc/zprofile /etc/zsh /etc/zshenv /etc/zshrc ### X11 ### /etc/X11 ${HOME}/.xinitrc ${HOME}/.xmodmaprc ${HOME}/.xprofile ${HOME}/.Xresources ${HOME}/.xserverrc ${HOME}/.Xsession ${HOME}/.xsession ${HOME}/.xsessionrc ### window/desktop manager ### ${HOME}/Desktop/*.desktop ${HOME}/.config/autostart ${HOME}/.config/autostart-scripts ${HOME}/.config/lxsession/LXDE/autostart ${HOME}/.config/openbox/autostart ${HOME}/.config/openbox/environment ${HOME}/.config/plasma-workspace/env ${HOME}/.config/plasma-workspace/shutdown ${HOME}/.gnomerc ${HOME}/.gtkrc ${HOME}/.kde/Autostart ${HOME}/.kde/env ${HOME}/.kde/share/autostart ${HOME}/.kde/shutdown ${HOME}/.kde4/Autostart ${HOME}/.kde4/env ${HOME}/.kde4/share/autostart ${HOME}/.kde4/shutdown ${HOME}/.kderc ${HOME}/.local/share/autostart ### security ### /etc/aide /etc/apparmor* /etc/chkrootkit.conf /etc/cracklib /etc/doas.conf /etc/libaudit.conf /etc/group* /etc/gshadow* /etc/pam.* /etc/passwd* /etc/rkhunter* /etc/securetty /etc/security /etc/selinux /etc/shadow* /etc/sudo*.conf /etc/sudoers* /etc/tripwire ${HOME}/.config/firejail ${HOME}/.gnupg ${HOME}/.pam_environment ### network security ### /etc/ca-certificates* /etc/hosts.* /etc/services /etc/snort /etc/ssh /etc/ssl /etc/wireshark !${HOME}/.ssh/known_hosts # excluding ${HOME}/.ssh /usr/share/ca-certificates ### system config ### /etc/cron.* /etc/crontab /etc/default