hardening ssh, tor

netblue30 · Feb 23, 2021 · 0e31d02 · 0e31d02
1 parent f2b7ec0
commit 0e31d02
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile
@@ -24,6 +24,7 @@ whitelist ${RUNUSER}/keyring/ssh
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
 
+apparmor
 caps.drop all
 ipc-namespace
 netfilter

diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile
@@ -15,6 +15,9 @@ noblacklist ${HOME}/.local/share/torbrowser
 include allow-python2.inc
 include allow-python3.inc
 
+blacklist /opt
+blacklist /srv
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -30,6 +33,8 @@ whitelist ${HOME}/.config/torbrowser
 whitelist ${HOME}/.local/share/torbrowser
 include whitelist-common.inc
 include whitelist-var-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 
 # Uncomment the line below or put 'apparmor' in your torbrowser-launcher.local.
 # IMPORTANT: the relevant rule in /etc/apparmor.d/local/firejail-default will need