# /etc/firejail/ids.config - configuration file for Firejail's Intrusion Detection System
#
# Each line is a file or directory name such as
#       /usr/bin
# or
#       ${HOME}/Desktop/*.desktop
#
# ${HOME} is expanded to user home directory, and * is the regular
# globbing match for zero or more characters.
#
# File or directory names starting with ! are not scanned. For example
#        !${HOME}/.ssh/known_hosts
#        ${HOME}/.ssh
# will scan all files in ~/.ssh directory with the exception of knonw_hosts
#
# This config file is overwritten when a new version of Firejail is installed.
# For global customization use /etc/firejal/ids.config.local.

include ids.config.local

### system executables ###
/bin
/sbin
/usr/bin
/usr/sbin
/usr/games
/usr/libexec

### user executables ###
#/usr/local
#/opt

### system libraries ###
#/lib
#/usr/lib
#/usr/lib32
#/usr/lib64
#/usr/libx32

### shells local ###
${HOME}/.bashrc		# bash
${HOME}/.bash_profile
${HOME}/.bash_login
${HOME}/.bash_logout
${HOME}/.zshenv		#zsh
${HOME}/.zshprofile
${HOME}/.zshrc
${HOME}/.zlogin
${HOME}/.zlogout
${HOME}/.config/fish/config.fish	# fish
${HOME}/.profile		# others
${HOME}/.login
${HOME}/.logout
${HOME}/.cshrc
${HOME}/.tcshrc
${HOME}/.kshrc

### shells global ###
/etc/shells			# all
/etc/profile
/etc/profile.d
/etc/environment
/etc/skel
/etc/dircolors
/etc/bash.bashrc		# bash
/etc/bash_completion*
/etc/bashrc
/etc/zshenv			# zsh
/etc/zprofile
/etc/zshrc
/etc/zlogin
/etc/zlogout
/etc/fish			# fish
/etc/complete.tcsh		# tcsh
/etc/csh.cshrc
/etc/csh.login
/etc/csh.logout
/etc/ksh.kshrc		# ksh

### X11 ###
${HOME}/.xsessionrc
${HOME}/.xsession
${HOME}/.Xsession
${HOME}/.xinitrc
${HOME}/.xprofile
${HOME}/.xmodmaprc
${HOME}/.xserverrc
${HOME}/.Xresurces
/etc/X11

### window/desktop manager ###
${HOME}/.config/autostart
${HOME}/Desktop/*.desktop
${HOME}/.config/lxsession/LXDE/autostart
${HOME}/.gnomerc
${HOME}/.gtkrc
${HOME}/.kderc

### security ###
${HOME}/.gnupg
${HOME}/.config/firejail
/etc/apparmor*
/etc/selinux
/etc/security
/etc/group*
/etc/gshadow*
/etc/passwd*
/etc/shadow*
/etc/pam.*
/etc/sudoers*
/etc/securetty
/etc/cracklib
/etc/libaudit.conf
/etc/tripwire
/etc/aide
/etc/chkrootkit.conf
/etc/rkhunter.conf

*** network security ***
/etc/services
/etc/hosts.*
/etc/ssl
/etc/ca-certificates*
/usr/share/ca-certificates
!${HOME}/.ssh/known_hosts	# excluding
${HOME}/.ssh
/etc/ssh
/etc/snort
/etc/wireshark

### system config ###
/etc/default
/etc/crontab
/etc/cron.*