ItsDrike/dotfiles
1
0
Fork 0
mirror of https://github.com/ItsDrike/dotfiles.git synced 2025-06-29 04:00:42 +00:00
Code Issues Projects Releases Packages Wiki Activity

Remove everything and restart blank

Browse source 
This commit removes all files currently present in the repo, to prepare
for a start from a nothing. This is done due to my recent migration from
X11 to Wayland, which has rendered most of these config files no longer
releveant.

I've currently been tracking my dotfiles in a separate repository, in
hopes to get it to a state where it would be mergable here, but that
turned out to be much more difficult than I anticipated, and I think it
will be much easier to simply move over the history from this temporary
repository I've been using onto this one. That however requires a start
from a clean point, which this commit creates.
This commit is contained in:
ItsDrike 2022-11-20 03:07:41 +01:00
parent eadb37961b
commit b912871070
No known key found for this signature in database
GPG key ID: B014E761034AF742
206 changed files with 0 additions and 15683 deletions
Download patch file Download diff file Expand all files Collapse all files

22
root/.rsync-filter
View file

@ -1,22 +0,0 @@
# Filter file for rsync based backups
# rsync needs to be ran with --filter 'dir-merge /.rsync-filter'
# argument to look through this filter file
- /dev/*
- /proc/*
- /sys/*
- /media/*
- /mnt/*
- /tmp/*
- /run/*
- /var/run/*
- /var/lock/*
- /var/lib/docker/*
- /var/lib/schroot/*
- /lost+found
- /data/*
- /DATA/*
- /cdrom/*
- /sdcard/*
- /swapfile
- /swap/*
- /home/*/.cache/*

16
root/etc/NetworkManager/conf.d/random_mac.conf
View file

@ -1,16 +0,0 @@
[device-mac-randomization]
# "yes" is already the default for scanning
wifi.scan-rand-mac-address=yes
[connection-mac-randomization]
# Randomize MAC for every ethernet connection
ethernet.cloned-mac-address=random
# Generate a random MAC for each WiFi and associate the two permanently
wifi.cloned-mac-address=stable
# Opions:
# permanent: Use HardWare address
# preserve: Dont change the MAC address of the device upon activation
# stable: Randomize once and associate it permanently with that network
# random: Randomize MAC for every connection

7
root/etc/X11/xorg.conf.d/40-libinput.conf
View file

@ -1,7 +0,0 @@
Section "InputClass"
Identifier "libinput touchpad catchall"
MatchIsTouchpad "on"
MatchDevicePath "/dev/input/event*"
Driver "libinput"
Option "Tapping" "on"
EndSection

62
root/etc/default/grub
View file

@ -1,62 +0,0 @@
# GRUB boot loader configuration
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet"
GRUB_CMDLINE_LINUX="cryptdevice=UUID=9a400ce4-df98-43eb-b88c-009a359873a5:cryptroot:allow-discards lukskeyfile=UUID=80c09daa-c562-4242-90a9-8258f6442bec:/root-key"
# Grub should automatically detect the root UUID after decryption and set
# that as root, we could also use root=/dev/mapper/cryptroot cmdline arg,
# however that could lead to problems, since GRUB defines the root anyway,
# so we'd have 2 root definitions, we could also use the UUID manually by using
# root=7173b256-9d90-41f5-beac-4d01b3b5bbd5
# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"
# Uncomment to enable booting with LUKS encrypted /boot drive
#GRUB_ENABLE_CRYPTODISK=y
# Set to 'countdown' or 'hidden' to change timeout behavior,
# press ESC key to display menu.
GRUB_TIMEOUT_STYLE=menu
# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console
# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
GRUB_GFXMODE=auto
# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep
# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true
# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true
# Uncomment and set to the desired menu colors. Used by normal and wallpaper
# modes only. Entries specified as foreground/background.
#GRUB_COLOR_NORMAL="light-blue/black"
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/path/to/wallpaper"
#GRUB_THEME="/path/to/gfxtheme"
# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"
# Uncomment to make GRUB remember the last selection. This requires
# setting 'GRUB_DEFAULT=saved' above.
#GRUB_SAVEDEFAULT=true
# Uncomment to disable submenus in boot menu
#GRUB_DISABLE_SUBMENU=y

20
root/etc/doas.conf
View file

@ -1,20 +0,0 @@
# doas configuration file
# doas is a sudo-like utility without that many features
# which results in less potentional security vulnerabilities
# Allow all users in wheel group to execute a command
#permit :wheel
# Allow all users of the wheel group toperform actions
# as root without authentication
#permit nopass :wheel
# Don't require password for 5 minutes
# for all users of wheel group
permit persist :wheel
# Deny a user to execute a command
#deny itsdrike cmd fdisk
# Allow a user to use command without password
#permit nopass itsdrike cmd reboot

13
root/etc/grub.d/09_credentials
View file

@ -1,13 +0,0 @@
#!/bin/sh
exec tail -n +3 $0
# Setup GRUB credentials so that it isn't possible for anyone to change the
# boot parameters or use the command line, unless they know user/password pair
#set superusers="admin"
#password admin [unsafe plaintext password]
#password_pbkdf2 admin [safe grub-mkpasswd-pbkdf2 password]
# Make OS Entries unrestricted, so that they can be booted into without prompting
# for user/password pair set above
#menuentry_id_option="--unrestricted $menuentry_id_option"

12
root/etc/grub.d/40_custom
View file

@ -1,12 +0,0 @@
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
if [ ${grub_platform} == "efi" ]; then
menuentry "Firmware setup" {
fwsetup
}
fi

44
root/etc/hosts
View file

@ -1,44 +0,0 @@
# /etc/hosts: Local Host Database
# See hosts(5) for details
#
# This file describes a number of aliases-to-address mappings for the for
# local hosts that share this file.
#
# The format of lines in this file is:
#
# IP_ADDRESS canonical_hostname [aliases...]
#
# The fields can be separated by any number of spaces or tabs.
#
# In the presence of the domain name service or NIS, this file may not be
# consulted at all; see /etc/host.conf for the resolution order.
#
# According to RFC 1918, you can use the following IP networks for private
# nets which will never be connected to the Internet:
#
# 10.0.0.0 - 10.255.255.255
# 172.16.0.0 - 172.31.255.255
# 192.168.0.0 - 192.168.255.255
#
# In case you want to be able to connect directly to the Internet (i.e. not
# behind a NAT, ADSL router, etc...), you need real official assigned
# numbers. Do not try to invent your own network numbers but instead get one
# from your network provider (if any) or from your regional registry (ARIN,
# APNIC, LACNIC, RIPE NCC, or AfriNIC.)
#
# IPv4 and IPv6 localhost aliases
127.0.0.1 localhost ip4-localhost
::1 ip6-localhost
# Current system definition
127.0.1.1 pc.localdomain pc
# Extra systems on the network
10.1.0.1 localserver.localdomain localserver
# DNS servers
45.90.30.0 nextcloud-dns
1.1.1.1 couldflare-dns
1.0.0.1 cloudflare-dns2
8.8.8.8 google-dns

52
root/etc/initcpio/hooks/lukskeyfile
View file

@ -1,52 +0,0 @@
#!/bin/ash
run_hook() {
# This is a needed kernel parameter for this hook
if [ -n "$lukskeyfile" ]; then
modprobe -a -q loop dm-crypt >/dev/null 2>&1
# Refer to help from `mkinitcpio -H lukskeyfile`.
IFS=: read rootKeyDev rootKey cryptkeyLoc <<EOF
$lukskeyfile
EOF
if [ -z "${cryptkeyLoc}" ]; then
cryptkeyLoc=/crypto_keyfile.bin
fi
# Ask user whether to detect the device (detecting may
# take up a while and asking is faster)
while true; do
read -t5 -p "Use external key file? (default: yes, waiting 5s): " yn
if [ $? -gt 0 ]; then
echo "Timed out, assuming yes"
break
fi
case $yn in
[Yy]*)
break
;;
[Nn]*) return 0;;
"")
echo "Default (yes)"
break
;;
*) echo "Please answer yes or no.";;
esac
done
# Resolve and mount the device, in case we can't mount, show error
echo "Mounting device..."
if resoleved=$(resolve_device "${rootKeyDev}" $rootdelay); then
if mount -o noatime "${rootKeyDev}" /mnt>/dev/null 2>&1; then
# Copy the keyfile present in the device into the
# ramfs filesystem to be read by dm-crypt
cat "/mnt/${rootKey}" > "${cryptkeyLoc}"
else
echo "Failed to mount ${rootKeyDev} on /mnt"
/bin/sh
fi
else
echo "Failed to find ${rootKeyDev} containing LUKS root key."
fi
fi
}

27
root/etc/initcpio/install/lukskeyfile
View file

@ -1,27 +0,0 @@
#!/bin/bash
build() {
add_dir "/mnt"
add_module loop
add_module dm-crypt
add_runscript
}
help() {
cat <<EOF
Open root partition with LUKS root key present on internal
or external accessible non-encrypted partition.
To use this hook, specify lukskeyfile in kernel parameters.
This hook is designed to copy over the specified key file into
initramfs internal path designated as cryptkey by encrypt hook.
lukskeyfile=rootKeyDev:rootKey[:cryptkeyLoc]
rootKeyDev = /path/to/rootKeyDev, UUID=uuid-of-rootKeyDev
rootKey = /path/to/rootKey in rootKeyDev
cryptkeyLoc = /path/to/cryptkey in initramfs.
Default values
cryptkeyLoc=/crypto_keyfile.bin
EOF
}

69
root/etc/mkinitcpio.conf
View file

@ -1,69 +0,0 @@
# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run. Advanced users may wish to specify all system modules
# in this array. For instance:
# MODULES=(piix ide_disk reiserfs)
MODULES=()
# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image. This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=()
# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way. This is useful for config files.
FILES=()
# HOOKS
# This is the most important setting in this file. The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
## This setup specifies all modules in the MODULES setting above.
## No raid, lvm2, or encrypted root is needed.
# HOOKS=(base)
#
## This setup will autodetect all modules for your system and should
## work as a sane default
# HOOKS=(base udev autodetect block filesystems)
#
## This setup will generate a 'full' image which supports most systems.
## No autodetection is done.
# HOOKS=(base udev block filesystems)
#
## This setup assembles a pata mdadm array with an encrypted root FS.
## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
# HOOKS=(base udev block mdadm encrypt filesystems)
#
## This setup loads an lvm2 volume group on a usb device.
# HOOKS=(base udev block lvm2 filesystems)
#
## NOTE: If you have /usr on a separate partition, you MUST include the
# usr, fsck and shutdown hooks.
#
## Edits applied: numlock (requires mkinitcpio-numlock (AUR)), encrypt
HOOKS=(base udev autodetect keyboard numlock modconf block lukskeyfile encrypt filesystems fsck)
# COMPRESSION
# Use this to compress the initramfs image. By default, zstd compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="zstd"
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"
# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=()

1
root/etc/modprobe.d/blacklist.conf
View file

@ -1 +0,0 @@
blacklist pcspkr

16
root/etc/opensnitchd/rules/0 - Global Allow.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T14:38:21.237148571+01:00",
"updated": "2021-03-26T14:38:21.237217606+01:00",
"name": "0 - Global Allow",
"enabled": false,
"precedence": true,
"action": "allow",
"duration": "always",
"operator": {
"type": "regexp",
"operand": "process.path",
"sensitive": false,
"data": ".*",
"list": []
}
}

16
root/etc/opensnitchd/rules/1 - Local Network 1: Loopback IPv4.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T14:34:29.750639149+01:00",
"updated": "2021-03-26T14:34:29.750717553+01:00",
"name": "1 - Local Network 1: Loopback IPv4",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "network",
"operand": "dest.network",
"sensitive": false,
"data": "127.0.0.0/8",
"list": []
}
}

16
root/etc/opensnitchd/rules/1 - Local Network 1: Loopback IPv6.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T14:35:06.471042752+01:00",
"updated": "2021-03-26T14:35:06.471104722+01:00",
"name": "1 - Local Network 1: Loopback IPv6",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "network",
"operand": "dest.network",
"sensitive": false,
"data": "::1/128",
"list": []
}
}

16
root/etc/opensnitchd/rules/1 - Local Network 2: IPv4.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T13:55:13.918975568+01:00",
"updated": "2021-03-26T13:55:13.919048389+01:00",
"name": "1 - Local Network 2: IPv4",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "network",
"operand": "dest.network",
"sensitive": false,
"data": "192.0.0.0/8",
"list": []
}
}

16
root/etc/opensnitchd/rules/1 - Local Network 2: IPv6.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T14:35:19.095504822+01:00",
"updated": "2021-03-26T14:35:19.095575256+01:00",
"name": "1 - Local Network 2: IPv6",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "network",
"operand": "dest.network",
"sensitive": false,
"data": "ff00::/8",
"list": []
}
}

16
root/etc/opensnitchd/rules/1 - Local Network 3: Multicast.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T14:35:34.624303764+01:00",
"updated": "2021-03-26T14:35:34.624381925+01:00",
"name": "1 - Local Network 3: Multicast",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "network",
"operand": "dest.network",
"sensitive": false,
"data": "224.0.0.0/8",
"list": []
}
}

38
root/etc/opensnitchd/rules/2 - DNS 1: CloudFlare.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:05:47.752157095+01:00",
"updated": "2021-03-26T14:05:47.752306682+01:00",
"name": "2 - DNS 1: CloudFlare",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"53\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.ip\", \"data\": \"(1\\\\.1\\\\.1\\\\.1)|(1\\\\.0\\\\.0\\\\.1)\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "53",
"list": null
},
{
"type": "regexp",
"operand": "dest.ip",
"sensitive": false,
"data": "(1\\.1\\.1\\.1)|(1\\.0\\.0\\.1)",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/2 - DNS 2: Local NameServer.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:11:37.6695327+01:00",
"updated": "2021-03-26T14:11:37.669693753+01:00",
"name": "2 - DNS 2: Local NameServer",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"53\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.ip\", \"data\": \"192.168.0.1\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "53",
"list": null
},
{
"type": "simple",
"operand": "dest.ip",
"sensitive": false,
"data": "192.168.0.1",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/3 - Clord (color management daemon).json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:54:35.691185369+01:00",
"updated": "2021-03-26T14:54:35.691334733+01:00",
"name": "3 - Clord (color management daemon)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/colord-sane\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.ip\", \"data\": \"255.255.255.255\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"user.id\", \"data\": \"974\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/colord-sane",
"list": null
},
{
"type": "simple",
"operand": "dest.ip",
"sensitive": false,
"data": "255.255.255.255",
"list": null
},
{
"type": "simple",
"operand": "user.id",
"sensitive": false,
"data": "974",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/3 - NetworkManager HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:25:45.324185722+01:00",
"updated": "2021-03-26T14:25:45.324300946+01:00",
"name": "3 - NetworkManager HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/NetworkManager\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/NetworkManager",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

45
root/etc/opensnitchd/rules/3 - Resolver: Avahi Daemon (Multicast DNS).json
View file

@ -1,45 +0,0 @@
{
"created": "2021-03-26T14:32:52.844859434+01:00",
"updated": "2021-03-26T14:32:52.845014247+01:00",
"name": "3 - Resolver: Avahi Daemon (Multicast DNS)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/avahi-daemon\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"5353\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.ip\", \"data\": \"^(ff02::fb|224\\\\.0\\\\.0\\\\.251)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/avahi-daemon",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "5353",
"list": null
},
{
"type": "regexp",
"operand": "dest.ip",
"sensitive": false,
"data": "^(ff02::fb|224\\.0\\.0\\.251)$",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/3 - Resolver: Systemd Resolved (TCP DNS).json
View file

@ -1,38 +0,0 @@
{
"created": "2021-04-07T07:30:07.18439781+02:00",
"updated": "2021-04-07T07:30:07.184496636+02:00",
"name": "3 - Resolver: Systemd Resolved (TCP DNS)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/systemd/systemd-resolved\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"853\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.ip\", \"data\": \"116.202.176.26\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/systemd/systemd-resolved",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "853",
"list": null
},
{
"type": "simple",
"operand": "dest.ip",
"sensitive": false,
"data": "116.202.176.26",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/3 - Resolver: Systemd Resolved (Unicast DNS).json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T14:36:45.353178364+01:00",
"updated": "2021-03-26T14:36:45.353306158+01:00",
"name": "3 - Resolver: Systemd Resolved (Unicast DNS)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/systemd/systemd-resolved\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"53\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/systemd/systemd-resolved",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "53",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/3 - Time Synchronization.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T14:31:12.698421478+01:00",
"updated": "2021-03-26T14:31:12.698577981+01:00",
"name": "3 - Time Synchronization",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/systemd/systemd-timesyncd\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/systemd/systemd-timesyncd",
"list": null
}
]
}
}

45
root/etc/opensnitchd/rules/4 - Arch-Audit HTTPS.json
View file

@ -1,45 +0,0 @@
{
"created": "2021-03-26T14:53:45.452433311+01:00",
"updated": "2021-03-26T14:53:45.452584115+01:00",
"name": "4 - Arch-Audit HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/arch-audit\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.host\", \"data\": \"security.archlinux.org\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/arch-audit",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
},
{
"type": "simple",
"operand": "dest.host",
"sensitive": false,
"data": "security.archlinux.org",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/4 - Curl HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:52:55.594720808+01:00",
"updated": "2021-03-26T14:52:55.594848089+01:00",
"name": "4 - Curl HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/curl\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/curl",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/4 - Flatpak.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-04-01T03:02:23.608460294+02:00",
"updated": "2021-04-01T03:02:23.608585046+02:00",
"name": "4 - Flatpak",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/flatpak\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/flatpak",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/4 - Git All.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T14:53:18.08440206+01:00",
"updated": "2021-03-26T14:53:18.084531091+01:00",
"name": "4 - Git All",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"process.path\", \"data\": \"(\\\\/usr\\\\/bin\\\\/git)|(\\\\/usr\\\\/lib\\\\/git-core\\\\/git-remote-https?)\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "regexp",
"operand": "process.path",
"sensitive": false,
"data": "(\\/usr\\/bin\\/git)|(\\/usr\\/lib\\/git-core\\/git-remote-https?)",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/4 - Nslookup.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-07T07:32:01.871499604+02:00",
"updated": "2021-04-07T07:32:01.871618908+02:00",
"name": "4 - Nslookup",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/nslookup",
"list": []
}
}

38
root/etc/opensnitchd/rules/4 - Pacman HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-04-01T02:59:52.127387559+02:00",
"updated": "2021-04-01T02:59:52.127534491+02:00",
"name": "4 - Pacman HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/pacman\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/pacman",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/4 - Pkgfile HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:53:36.851205357+01:00",
"updated": "2021-03-26T14:53:36.851336407+01:00",
"name": "4 - Pkgfile HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/pkgfile\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/pkgfile",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/4 - SSH.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T14:55:32.627718743+01:00",
"updated": "2021-03-26T14:55:32.627823529+01:00",
"name": "4 - SSH",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/ssh\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/ssh",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/4 - Wget HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:52:45.386672313+01:00",
"updated": "2021-03-26T14:52:45.386820625+01:00",
"name": "4 - Wget HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/wget\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/wget",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/4 - Yay (AUR) HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:52:25.658707558+01:00",
"updated": "2021-03-26T14:52:25.658876726+01:00",
"name": "4 - Yay (AUR) HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/yay\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/yay",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/5 - KDE Discover HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-04-01T03:00:23.962712398+02:00",
"updated": "2021-04-01T03:00:23.962833202+02:00",
"name": "5 - KDE Discover HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"process.path\", \"data\": \"^(\\\\/usr\\\\/bin\\\\/plasma-discover|\\\\/usr\\\\/lib\\\\/DiscoverNotifier)$\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "regexp",
"operand": "process.path",
"sensitive": false,
"data": "^(\\/usr\\/bin\\/plasma-discover|\\/usr\\/lib\\/DiscoverNotifier)$",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/5 - KDE Init (Widgets) HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:01:40.246561989+01:00",
"updated": "2021-03-26T15:01:40.24674061+01:00",
"name": "5 - KDE Init (Widgets) HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/kdeinit5\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/kdeinit5",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/5 - KDE Plasmashell.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-01T02:54:46.246760182+02:00",
"updated": "2021-04-01T02:54:46.246834823+02:00",
"name": "5 - KDE Plasmashell",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/plasmashell",
"list": []
}
}

38
root/etc/opensnitchd/rules/5 - KDE Telemetry.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:58:25.517342143+01:00",
"updated": "2021-03-26T14:58:25.517486366+01:00",
"name": "5 - KDE Telemetry",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/plasmashell\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.host\", \"data\": \"telemetry.kde.org\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/plasmashell",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
},
{
"type": "simple",
"operand": "dest.host",
"sensitive": false,
"data": "telemetry.kde.org",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/5 - KScreenLocker Greet HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:58:41.453127782+01:00",
"updated": "2021-03-26T14:58:41.453247154+01:00",
"name": "5 - KScreenLocker Greet HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/kscreenlocker_greet\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/kscreenlocker_greet",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/5 - Plasma Browser Integration HTTPS.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T14:58:51.013216555+01:00",
"updated": "2021-03-26T14:58:51.013358956+01:00",
"name": "5 - Plasma Browser Integration HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/plasma-browser-integration-host\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/plasma-browser-integration-host",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/5 - VirtualBox ALL.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:06:09.065865819+01:00",
"updated": "2021-03-26T15:06:09.065936078+01:00",
"name": "5 - VirtualBox ALL",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/virtualbox/VirtualBoxVM",
"list": []
}
}

38
root/etc/opensnitchd/rules/6 - Caprine 1 - UDP.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:05:34.481391307+01:00",
"updated": "2021-03-26T15:05:34.481508413+01:00",
"name": "6 - Caprine 1 - UDP",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.command\", \"data\": \"/usr/lib/electron/electron /usr/bin/caprine\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"53\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.command",
"sensitive": false,
"data": "/usr/lib/electron/electron /usr/bin/caprine",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "53",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/6 - Caprine 2 - IP Grabbers.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:05:42.793872103+01:00",
"updated": "2021-03-26T15:05:42.793987628+01:00",
"name": "6 - Caprine 2 - IP Grabbers",
"enabled": true,
"precedence": true,
"action": "deny",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.command\", \"data\": \"/usr/lib/electron/electron /usr/bin/caprine\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.host\", \"data\": \"(icanhazip.com|myip.opendns.com|api.ipify.org)\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.command",
"sensitive": false,
"data": "/usr/lib/electron/electron /usr/bin/caprine",
"list": null
},
{
"type": "regexp",
"operand": "dest.host",
"sensitive": false,
"data": "(icanhazip.com|myip.opendns.com|api.ipify.org)",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Chromium 1 - HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:02:22.863576228+01:00",
"updated": "2021-03-26T15:02:22.863723433+01:00",
"name": "6 - Chromium 1 - HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/chromium/chromium\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/chromium/chromium",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/6 - Chromium 2 - UDP.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:00:30.758958286+01:00",
"updated": "2021-03-26T15:00:30.759131117+01:00",
"name": "6 - Chromium 2 - UDP",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/chromium/chromium\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/chromium/chromium",
"list": null
}
]
}
}

45
root/etc/opensnitchd/rules/6 - Chromium 3 - Google DNS.json
View file

@ -1,45 +0,0 @@
{
"created": "2021-03-26T15:00:39.45302295+01:00",
"updated": "2021-03-26T15:00:39.453105125+01:00",
"name": "6 - Chromium 3 - Google DNS",
"enabled": true,
"precedence": true,
"action": "deny",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/chromium/chromium\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"5228\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.host\", \"data\": \"mtalk.google.com\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/chromium/chromium",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "5228",
"list": null
},
{
"type": "simple",
"operand": "dest.host",
"sensitive": false,
"data": "mtalk.google.com",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Discord 1 - HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:00:47.05534584+01:00",
"updated": "2021-03-26T15:00:47.055503114+01:00",
"name": "6 - Discord 1 - HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/discord/Discord\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/discord/Discord",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/6 - Discord 2 - UDP.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:00:54.726404116+01:00",
"updated": "2021-03-26T15:00:54.726525934+01:00",
"name": "6 - Discord 2 - UDP",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/discord/Discord\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/discord/Discord",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Electron HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:03:20.472154851+01:00",
"updated": "2021-03-26T15:03:20.472291079+01:00",
"name": "6 - Electron HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/electron/electron\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/electron/electron",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Firefox 1 - HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:01:03.878891592+01:00",
"updated": "2021-03-26T15:01:03.879007456+01:00",
"name": "6 - Firefox 1 - HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/firefox/firefox\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/firefox/firefox",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/6 - Firefox 2 - UDP.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:01:21.022762959+01:00",
"updated": "2021-03-26T15:01:21.022899201+01:00",
"name": "6 - Firefox 2 - UDP",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/firefox/firefox\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/firefox/firefox",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/6 - Firefox 3 - PingSender.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:01:27.902723849+01:00",
"updated": "2021-03-26T15:01:27.902798768+01:00",
"name": "6 - Firefox 3 - PingSender",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/firefox/pingsender",
"list": []
}
}

31
root/etc/opensnitchd/rules/6 - Gimagereader HTTPS.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:06:47.786430608+01:00",
"updated": "2021-03-26T15:06:47.786567338+01:00",
"name": "6 - Gimagereader HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/gimagereader-qt5\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/gimagereader-qt5",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/6 - Go (language).json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:10:53.909451068+01:00",
"updated": "2021-03-26T15:10:53.90953488+01:00",
"name": "6 - Go (language)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/go/bin/go",
"list": []
}
}

38
root/etc/opensnitchd/rules/6 - LibreWolf HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-04-02T23:28:24.475396074+02:00",
"updated": "2021-04-02T23:28:24.475553501+02:00",
"name": "6 - LibreWolf HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/librewolf/librewolf\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/librewolf/librewolf",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Python HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:10:46.661735004+01:00",
"updated": "2021-03-26T15:10:46.66187107+01:00",
"name": "6 - Python HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"process.path\", \"data\": \"/usr/bin/python*\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "regexp",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/python*",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/6 - QBitTorrent.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:03:59.240296743+01:00",
"updated": "2021-03-26T15:03:59.240369823+01:00",
"name": "6 - QBitTorrent",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/qbittorrent",
"list": []
}
}

38
root/etc/opensnitchd/rules/6 - Qalculate HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:03:51.080504273+01:00",
"updated": "2021-03-26T15:03:51.080636184+01:00",
"name": "6 - Qalculate HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/qalculate-gtk\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/qalculate-gtk",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/6 - Spotify 1 - needed.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:01:53.487069746+01:00",
"updated": "2021-03-26T15:01:53.487181823+01:00",
"name": "6 - Spotify 1 - needed",
"enabled": true,
"precedence": true,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/spotify/spotify\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.host\", \"data\": \"^(.*\\\\.?spotify\\\\.com)|(audio.+spotify.+\\\\.akamaized\\\\.net)|(.*\\\\.?scdn\\\\.co)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/spotify/spotify",
"list": null
},
{
"type": "regexp",
"operand": "dest.host",
"sensitive": false,
"data": "^(.*\\.?spotify\\.com)|(audio.+spotify.+\\.akamaized\\.net)|(.*\\.?scdn\\.co)$",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/6 - Spotify 2 - ads+telemetry.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:02:02.343313434+01:00",
"updated": "2021-03-26T15:02:02.343390075+01:00",
"name": "6 - Spotify 2 - ads+telemetry",
"enabled": true,
"precedence": false,
"action": "deny",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/spotify/spotify",
"list": []
}
}

31
root/etc/opensnitchd/rules/6 - Spotify 3 - internal ads+telemetry.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:02:16.687208851+01:00",
"updated": "2021-03-26T15:02:16.687359725+01:00",
"name": "6 - Spotify 3 - internal ads+telemetry",
"enabled": false,
"precedence": true,
"action": "deny",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/spotify/spotify\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.host\", \"data\": \"^(ads(-.+)?\\\\.spotify\\\\.com)|(advancedtracker\\\\.spotify\\\\.com)|(analytics\\\\.spotify\\\\.com)|adlab\\\\.spotify\\\\.com|(crashdump(\\\\..+)?\\\\.spotify\\\\.com)|(log\\\\.spotify\\\\.com)|(log2\\\\.spotify\\\\.com)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/spotify/spotify",
"list": null
},
{
"type": "regexp",
"operand": "dest.host",
"sensitive": false,
"data": "^(ads(-.+)?\\.spotify\\.com)|(advancedtracker\\.spotify\\.com)|(analytics\\.spotify\\.com)|adlab\\.spotify\\.com|(crashdump(\\..+)?\\.spotify\\.com)|(log\\.spotify\\.com)|(log2\\.spotify\\.com)$",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/6 - Tor Browser ALL.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:02:09.109657936+01:00",
"updated": "2021-03-26T15:02:09.109691483+01:00",
"name": "6 - Tor Browser ALL",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/home/itsdrike/.config/tor-browser/app/Browser/TorBrowser/Tor/tor",
"list": []
}
}

16
root/etc/opensnitchd/rules/6 - Tor service.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:04:19.984514998+01:00",
"updated": "2021-03-26T15:04:19.984594133+01:00",
"name": "6 - Tor service",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/tor",
"list": []
}
}

38
root/etc/opensnitchd/rules/6 - VSCode HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:04:13.753378423+01:00",
"updated": "2021-03-26T15:04:13.75353041+01:00",
"name": "6 - VSCode HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"process.path\", \"data\": \"(\\\\/opt\\\\/visual-studio-code\\\\/code)|(\\\\/home\\\\/.+\\\\/\\\\.local\\\\/share\\\\/vscode\\\\/.+)\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "regexp",
"operand": "process.path",
"sensitive": false,
"data": "(\\/opt\\/visual-studio-code\\/code)|(\\/home\\/.+\\/\\.local\\/share\\/vscode\\/.+)",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Xsane (scanner software).json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:07:51.203426947+01:00",
"updated": "2021-03-26T15:07:51.203586715+01:00",
"name": "6 - Xsane (scanner software)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/xsane\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"161\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.ip\", \"data\": \"255.255.255.255\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/xsane",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "161",
"list": null
},
{
"type": "simple",
"operand": "dest.ip",
"sensitive": false,
"data": "255.255.255.255",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Zoom 1: needed.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:07:34.123428308+01:00",
"updated": "2021-03-26T15:07:34.123557306+01:00",
"name": "6 - Zoom 1: needed",
"enabled": true,
"precedence": true,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/zoom/zoom\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(8801|443)$\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.host\", \"data\": \".*\\\\.zoom\\\\.us\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/zoom/zoom",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(8801|443)$",
"list": null
},
{
"type": "regexp",
"operand": "dest.host",
"sensitive": false,
"data": ".*\\.zoom\\.us",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/6 - Zoom 2: telemetry.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:07:42.402689917+01:00",
"updated": "2021-03-26T15:07:42.40277358+01:00",
"name": "6 - Zoom 2: telemetry",
"enabled": true,
"precedence": false,
"action": "deny",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/zoom/zoom",
"list": []
}
}

16
root/etc/opensnitchd/rules/6 - mpv.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-02T23:52:36.689049623+02:00",
"updated": "2021-04-02T23:52:36.689121835+02:00",
"name": "6 - mpv",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/mpv",
"list": []
}
}

16
root/etc/opensnitchd/rules/7 - DirMngr (Accessing OpenPGP Keyservers).json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-02T23:27:40.492145563+02:00",
"updated": "2021-04-02T23:27:40.492220477+02:00",
"name": "7 - DirMngr (Accessing OpenPGP Keyservers)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/dirmngr",
"list": []
}
}

38
root/etc/opensnitchd/rules/7 - DownloadHelper HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:06:58.026583665+01:00",
"updated": "2021-03-26T15:06:58.026700643+01:00",
"name": "7 - DownloadHelper HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/local/net.downloadhelper.coapp-1.6.1/bin/net.downloadhelper.coapp-linux-64\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/local/net.downloadhelper.coapp-1.6.1/bin/net.downloadhelper.coapp-linux-64",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/7 - Exodus HTTPS.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:06:00.313939576+01:00",
"updated": "2021-03-26T15:06:00.314088658+01:00",
"name": "7 - Exodus HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/exodus/Exodus\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/exodus/Exodus",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/7 - GImageReader.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-01T02:54:28.868922664+02:00",
"updated": "2021-04-01T02:54:28.868997421+02:00",
"name": "7 - GImageReader",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/gimagereader-qt5",
"list": []
}
}

31
root/etc/opensnitchd/rules/7 - Google Remote Desktop (Start).json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:08:32.002388702+01:00",
"updated": "2021-03-26T15:08:32.002444202+01:00",
"name": "7 - Google Remote Desktop (Start)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/google/chrome-remote-desktop/start-host\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/google/chrome-remote-desktop/start-host",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/7 - Google Remote Desktop (host).json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:08:40.676085602+01:00",
"updated": "2021-03-26T15:08:40.676199845+01:00",
"name": "7 - Google Remote Desktop (host)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/google/chrome-remote-desktop/chrome-remote-desktop-host\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"3478\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/google/chrome-remote-desktop/chrome-remote-desktop-host",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "3478",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/7 - Google remote desktop host HTTPS.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:08:48.779949158+01:00",
"updated": "2021-03-26T15:08:48.78007234+01:00",
"name": "7 - Google remote desktop host HTTPS",
"enabled": false,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/google/chrome-remote-desktop/chrome-remote-desktop-host\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/google/chrome-remote-desktop/chrome-remote-desktop-host",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/7 - MailSpring 2: mailsync.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-02T23:29:38.186802771+02:00",
"updated": "2021-04-02T23:29:38.186899772+02:00",
"name": "7 - MailSpring 2: mailsync",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/share/mailspring/resources/app.asar.unpacked/mailsync.bin",
"list": []
}
}

16
root/etc/opensnitchd/rules/7 - MailSpring.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-02T23:29:09.554510897+02:00",
"updated": "2021-04-02T23:29:09.554599422+02:00",
"name": "7 - MailSpring",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/share/mailspring/mailspring",
"list": []
}
}

16
root/etc/opensnitchd/rules/7 - NMap.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-27T22:17:47.411966515+01:00",
"updated": "2021-03-27T22:17:47.412029252+01:00",
"name": "7 - NMap",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/nmap",
"list": []
}
}

45
root/etc/opensnitchd/rules/7 - OBS.json
View file

@ -1,45 +0,0 @@
{
"created": "2021-03-26T15:06:19.416884298+01:00",
"updated": "2021-03-26T15:06:19.416964918+01:00",
"name": "7 - OBS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/obs\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.host\", \"data\": \"obsproject.com\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/obs",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
},
{
"type": "simple",
"operand": "dest.host",
"sensitive": false,
"data": "obsproject.com",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/7 - Portmaster ALL.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:09:05.172414932+01:00",
"updated": "2021-03-26T15:09:05.172493217+01:00",
"name": "7 - Portmaster ALL",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "regexp",
"operand": "process.path",
"sensitive": false,
"data": "\\/var\\/lib\\/portmaster\\/.*",
"list": []
}
}

31
root/etc/opensnitchd/rules/7 - Postgres UDP.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:07:12.074594056+01:00",
"updated": "2021-03-26T15:07:12.074724626+01:00",
"name": "7 - Postgres UDP",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/postgres\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/postgres",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/7 - Postman.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:07:20.01066125+01:00",
"updated": "2021-03-26T15:07:20.010747563+01:00",
"name": "7 - Postman",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/postman/app/_Postman",
"list": []
}
}

31
root/etc/opensnitchd/rules/7 - SSH 22.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-04-07T07:53:12.922862432+02:00",
"updated": "2021-04-07T07:53:12.922993954+02:00",
"name": "7 - SSH 22",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"22\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "22",
"list": null
}
]
}
}

105
root/etc/pacman.conf
View file

@ -1,105 +0,0 @@
#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives
#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir = /
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg =
#IgnoreGroup =
#NoUpgrade =
#NoExtract =
# Misc options
#UseSyslog
Color
CheckSpace
VerbosePkgLists
#DisableDownloadTimeout
#ILoveCandy
ParallelDownloads = 8
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required
# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
#
# REPOSITORIES
# - can be defined here or included from another file
# - pacman will search repositories in the order defined here
# - local/custom mirrors can be added here or in separate files
# - repositories listed first will take precedence when packages
# have identical names, regardless of version number
# - URLs will have $repo replaced by the name of the current repo
# - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
# [repo-name]
# Server = ServerName
# Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#
# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.
# Use blackarch first, so that other indices can take precedence in
# versions, usually core/extra/community/multilib have newer versions
# in comparison to blackarch index
#[testing]
#Include = /etc/pacman.d/mirrorlist
[core]
Include = /etc/pacman.d/mirrorlist
[extra]
Include = /etc/pacman.d/mirrorlist
#[community-testing]
#Include = /etc/pacman.d/mirrorlist
[community]
Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repositories as required here.
#[multilib-testing]
#Include = /etc/pacman.d/mirrorlist
[multilib]
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

45
root/etc/profile
View file

@ -1,45 +0,0 @@
# /etc/profile
# Set umask, 027 might be too strict for some people. if that's the case
# you can fall back to 022 (allowing others to read everything by default)
# or even to 002 (allowing groups to write into files just like owners)
umask 022
# Append "$1" to $PATH when not already in.
# This function API is accessible to scripts in /etc/profile.d
append_path () {
case ":$PATH:" in
*:"$1":*)
;;
*)
PATH="${PATH:+$PATH:}$1"
esac
}
# Append our default paths
append_path '/sbin'
append_path '/usr/sbin'
append_path '/bin'
append_path '/usr/bin'
append_path '/usr/local/sbin'
append_path '/usr/local/bin'
# Force PATH to be environment
export PATH
# Load profiles from /etc/profile.d
if test -d /etc/profile.d/; then
for profile in /etc/profile.d/*.sh; do
test -r "$profile" && . "$profile"
done
unset profile
fi
# Unload our profile API functions
unset -f append_path
# Termcap is outdated, old, and crusty, kill it.
unset TERMCAP
# Man is much better than us at figuring this out
unset MANPATH

14
root/etc/resolv.conf
View file

@ -1,14 +0,0 @@
# DNS configuration, NetworkManager tends to override this
# but setting immutable flag to this file fixes that.
# This can be done by running chattr +i /etc/resolv.conf
# Prefer local pihole server, if aviable
nameserver 192.168.0.10
# Fallback on common DNS servers, in this order:
# NextDNS -> CloudFlare DNS -> ISP default DNS
nameserver 45.90.30.0
nameserver 1.1.1.1
nameserver 1.0.0.1
nameserver 127.0.0.1
nameserver ::1

99
root/etc/sudoers
View file

@ -1,99 +0,0 @@
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##
##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias WEBSERVERS = www1, www2, www3
##
## User alias specification
##
## Groups of users. These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias ADMINS = millert, dowdy, mikef
##
## Cmnd alias specification
##
## Groups of commands. Often used to group related commands together.
# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# /usr/bin/pkill, /usr/bin/top
# Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
##
## Defaults specification
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file. Note that other programs use HOME to find
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods. Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to use a hard-coded PATH instead of the user's to find commands
# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
##
## Uncomment to send mail if the user does not enter the correct password.
# Defaults mail_badpass
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
Defaults log_output
Defaults!/usr/bin/sudoreplay !log_output
Defaults!/usr/local/bin/sudoreplay !log_output
Defaults!REBOOT !log_output
# Add some fine insults
Defaults insults
##
## Runas alias specification
##
##
## User privilege specification
##
root ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
## Read drop-in files from /etc/sudoers.d
@includedir /etc/sudoers.d

2
root/etc/sudoers.d/brightness-mod
View file

@ -1,2 +0,0 @@
ALL ALL=(ALL) NOPASSWD: /usr/bin/tee /sys/class/backlight/intel_backlight/brightness

4
root/etc/sudoers.d/poweroff
View file

@ -1,4 +0,0 @@
ALL ALL=(ALL) NOPASSWD: /sbin/poweroff
ALL ALL=(ALL) NOPASSWD: /sbin/shutdown
ALL ALL=(ALL) NOPASSWD: /sbin/reboot

14
root/etc/systemd/system/paccache.timer
View file

@ -1,14 +0,0 @@
# Clean pacman cache of old and uninstalled packages every month
# This needs to be started by running `systemctl start paccache.timer`
# Usage requires `pacman-contrib` package to be installed
[Unit]
Description=Clean-up old pacman pkg
[Timer]
OnCalendar=weekly
AccuracySec=1h
Persistent=true
[Install]
WantedBy=timers.target

13
root/usr/lib/systemd/system/paccache.timer
View file

@ -1,13 +0,0 @@
# Clean pacman cache of old and uninstalled packages every month
# This needs to be started by systemctl stat paccache.timer
# Usage requires pacman-contrib package to be installed
[Unit]
Description=Clean-up old pacman pkg
[Timer]
OnCalendar=monthly
Persistent=true
[Install]
WantedBy=multi-user.target

81
root/usr/local/bin/auto-chroot
View file

@ -1,81 +0,0 @@
#!/bin/sh
yes_no() {
while true; do
printf "$1 (y/n): "
read -r yn
case $yn in
[Yy]* ) return 0;;
[Nn]* ) return 1;;
* ) echo "Please answer yes or no";;
esac
done
}
# Ensure we run as root
if [ "$EUID" -ne 0 ]; then
echo "Must be ran as root"
exit 1
fi
# Take NEWROOT as 1st argument
if [ $# -ge 1 ]; then
NEWROOT="$1"
else
echo "Provide newroot directory"
exit 1
fi
# Take chroot user as 2nd argument, default to root
if [ $# -ge 2 ]; then
USERNAME="$2"
else
USERNAME="root"
fi
# Check if given NEWROOT is already mounted, if it is
# set REMOUNT to the mount source, so that we can remount
# it once we're done.
df_out=$(df --output=source,target | grep -w "$NEWROOT")
if [ -n "$df_out" ]; then
REMOUNT="$(echo $df_out | awk '{print $1}')"
else
# If the target isn't mounted already, check
# if user gave $3 (mount location)
if [ $# -ge 3 ]; then
mount "$3" "$NEWROOT"
else
# If user didn't give mount location, try to
# mount according to fstab
if [ -n "$(grep -w "$NEWROOT" /etc/fstab)" ]; then
mount "$NEWROOT"
else
# Ask for user confirmation to ensure that filesystem
# is ready for chroot in given NEWROOT, exit if not
yes_no "$NEWROOT wasn't mounted, is your filesystem in place?" || exit 1
fi
fi
fi
# Mount necessary directories for chroot to be possible
mount --types proc /proc "$NEWROOT/proc"
mount --rbind /sys "$NEWROOT/sys"
mount --make-rslave "$NEWROOT/sys"
mount --rbind /dev "$NEWROOT/dev"
mount --make-rslave "$NEWROOT/dev"
# Use /bin/su for chrooting with --login to also run
# /etc/profile and ~/.profile or ~/.zprofile
chroot "$NEWROOT" "/bin/su" "$USERNAME" --login
# Unmount recursively mounted directories
umount -l "$NEWROOT/dev"
umount -l "$NEWROOT/sys"
umount -l "$NEWROOT/proc"
umount -R "$NEWROOT"
# Remount partition according to fstab if REMOUT is set
# in order to leave the filesystem in the state it was
if [ -n "$REMOUNT" ]; then
mount "$REMOUNT" "$NEWROOT"
fi

11
root/usr/local/bin/cron-notify
View file

@ -1,11 +0,0 @@
#!/bin/sh
# Crontab requires DISPLAY and XDG_RUNTIME_HOME
# to be set when running notify-send, this script
# makes defines those to make it eaiser to send
# notifications from crontab without cluttering it
# It sets "Cron Notification" title, rest of the
# arguments are passed to notfiy-send
XDG_RUNTIME_DIR="/run/user/$(id -u)" \
DISPLAY=:0 \
notify-send "$@"

37
root/usr/local/bin/incremental-backup
View file

@ -1,37 +0,0 @@
#!/bin/bash
# Script to perform incremental backups using rsync
# It is often ran as crontab rule for automated backup solution
#
# This script will respect .rsync-filter files, which can be used
# to define custom exclude rules for files/dirs in which it is present
if [ $# -lt 2 ]; then
echo "Invalid amount of arguments passed!"
echo "Arguments: [Source path] [Backup path]"
echo " Source path: directory to be backed up, usually '/'"
echo " Backup path: directory to back up to (destination), usually mounted drive"
exit
fi
SOURCE_DIR="$1"
BACKUP_DIR="$2"
DATETIME="$(date '+%Y-%m-%d_%H:%M:%S')"
BACKUP_PATH="${BACKUP_DIR}/${DATETIME}"
LATEST_LINK="${BACKUP_DIR}/latest"
mkdir -p "$BACKUP_DIR"
rsync -avHAXS \
--delete \
--filter='dir-merge /.rsync-filter' \
--link-dest "${LATEST_LINK}" \
"${@:3}" "${SOURCE_DIR}/" "${BACKUP_PATH}"
# Only attempt to override the symlink if we made new backup_path
# user might've passed --dry-run option in which case we wouldn't
# want to override latest symlink to non-existent location
if [ -d "${BACKUP_PATH}" ]; then
rm "${LATEST_LINK}" 2>/dev/null
ln -s "${BACKUP_PATH}" "${LATEST_LINK}"
fi

292
root/usr/local/bin/tamper-check
View file

@ -1,292 +0,0 @@
#!/bin/python3
import json
import subprocess
import sys
import argparse
from pathlib import Path
try:
import colorama
except ImportError:
from unittest.mock import Mock
class NoReprMock(Mock):
__repr__ = lambda self: ""
colorama = NoReprMock()
colorama.init(autoreset=True)
# default path to the JSON file that stores known file checksums
# this can be overridden by using `--checksum-file=path` flag
CHECKSUM_FILE = Path('/usr/local/share/tamper-check/checksums.json')
def _yes_no(text: str, add_yn: bool = True) -> bool:
if add_yn:
text += ' (y/n): '
while True:
user_inp = input(text).lower()
if user_inp in ('y', 'yes'):
return True
elif user_inp in ('n', 'no'):
return False
def _get_checksum_dict(checksum_file: Path) -> dict[Path, str]:
"""Read the JSON checksum file and return it as python dictionary object."""
try:
with open(checksum_file, 'r') as f:
checksums = json.load(f)
except FileNotFoundError:
print(
f'{colorama.Fore.YELLOW}Checksum file not found: {colorama.Fore.RESET}'
f"'{colorama.Fore.BLUE}{checksum_file}{colorama.Fore.RESET}'{colorama.Fore.YELLOW} "
'Creating new empty checksum file...'
)
checksum_file.parent.mkdir(parents=True, exist_ok=True)
checksums = {}
with open(checksum_file, 'w') as f:
json.dump(checksums, f, indent=4)
return checksums
except PermissionError:
print(
f'{colorama.Fore.RED}PermissionError: {colorama.Fore.RESET}'
'to run tamper-check you must have read access to checksum file: '
f"'{colorama.Fore.BLUE}{checksum_file}{colorama.Fore.RESET}' (forgot sudo?)"
)
exit(2)
except json.decoder.JSONDecodeError as e:
print(
f'{colorama.Fore.RED}Checksum file is corrupted, unable to decode JSON. '
f"{colorama.Fore.RESET}('{colorama.Fore.BLUE}{checksum_file}{colorama.Fore.RESET}').\n"
f'Error text: {e}'
)
exit(3)
else:
dct = {}
for file_str, checksum in checksums.items():
dct[Path(file_str)] = checksum
return dct
def _get_checksum(file: Path) -> str:
"""Obtain a checksum of given file"""
proc = subprocess.run(['sha256sum', file], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
proc_stdout = proc.stdout.decode('utf-8')
if "No such file or directory" in proc_stdout:
raise FileNotFoundError(f"'{file}' not found, can't produce sha256 checksum")
elif "Permission denied" in proc_stdout:
raise PermissionError(f"Unable to read file '{file}'")
elif "Is a directory" in proc_stdout:
raise RuntimeError(f"{file} is a directory, can't produce sha256sum")
return proc_stdout.replace(f' {file}\n', '')
def _update_checksum(file_path: Path, checksum: str, checksum_file: Path, new_entry: bool = False) -> None:
"""Update existing checksums or add new file entries in checksum_file"""
checksums = _get_checksum_dict(checksum_file)
if new_entry and file_path in checksums:
print(
f"{colorama.Fore.RED}Path {colorama.Fore.RESET}"
f"'{colorama.Fore.BLUE}{file_path}{colorama.Fore.RESET}' {colorama.Fore.RED}"
"is already in the checksum file perhaps you wanted `--update`?"
)
raise SystemExit(3)
checksums[file_path] = checksum
writeable_checksums = {str(file_path): file_checksum for file_path, file_checksum in checksums.items()}
try:
with open(checksum_file, 'w') as f:
json.dump(writeable_checksums, f, indent=4)
except PermissionError:
print(
f'{colorama.Fore.RED}PermissionError: {colorama.Fore.RESET}'
'To add a new rule, you must have write access to: '
f"'{colorama.Fore.BLUE}{checksum_file}{colorama.Fore.RESET}' (forgot sudo?)"
)
raise SystemExit(2)
def update(file_path: Path, checksum_file: Path, text: str, no_confirm: bool = False) -> bool:
"""Ask user if a file should be updated, or update automatically if no_confirm is True"""
new_checksum = _get_checksum(file_path)
if no_confirm:
print(text + ' checksum auto-updating')
elif not _yes_no(text + ' update checksum?'):
print(f'{colorama.Fore.RED} -> Staying mismatched')
return False
_update_checksum(file_path, new_checksum, checksum_file)
print(f'{colorama.Fore.GREEN} -> Updated')
return True
def run_check(checksum_file: Path, verbose: bool) -> list[Path]:
"""
Go through all files listed in checksum_file and make sure that the checksums are matching.
Return all entries which didn't match.
"""
checksums = _get_checksum_dict(checksum_file)
not_matched = []
for file, stored_checksum in checksums.items():
line = f"Checksum of '{colorama.Fore.BLUE}{file}{colorama.Fore.RESET}': "
try:
real_sha256_sum = _get_checksum(file)
except PermissionError as exc:
print(line + f'{colorama.Fore.YELLOW}SKIPPED [PermissionError - no read perms]')
if verbose:
print(f' -> Error text: {colorama.Fore.CYAN}{exc}')
continue
except FileNotFoundError as exc:
print(line + f'{colorama.Fore.YELLOW}FAILED [FileNotFound - fix checksum file]')
if verbose:
print(f' -> Error text: {colorama.Fore.CYAN}{exc}')
continue
except RuntimeError as exc:
print(line + f'{colorama.Fore.YELLOW}FAILED [{exc.__class__.__name__}: {exc} - fix checksum file]')
if verbose:
print(f' -> Error text: {colorama.Fore.CYAN}{exc}')
continue
if real_sha256_sum == stored_checksum:
print(line + f'{colorama.Fore.GREEN}OK')
else:
not_matched.append(file)
print(line + f'{colorama.Fore.RED}FAIL [Checksum Mismatch]')
if verbose:
print(f' -> detected: {colorama.Fore.CYAN}{real_sha256_sum}')
print(f' -> stored: {colorama.Fore.CYAN}{stored_checksum}')
return not_matched
def parse_args(*, checksum_file_default) -> dict:
parser = argparse.ArgumentParser(
description='tamper-check is a command line utility to automate checking for file edits. '
'This is achieved by storing sha256 checksums of each added file and comparing them.'
)
parser.add_argument(
'-v', '--verbose', action='store_true',
help='Verbose mode, show checksums on failures and some more info'
)
parser.add_argument(
'-u', '--update', action='store_true',
help='If invalid checksum is found, ask user if it should be updated (y/n)'
)
parser.add_argument(
'--no-confirm', action='store_true',
help='Used in combination with `--update`, automatically assumes `y` for all questions'
)
parser.add_argument(
'--checksum-file', metavar='FILE', type=Path, default=checksum_file_default,
help='JSON file storing the file checksums'
)
parser.add_argument(
'-a', '--add', metavar='FILE', nargs='+', action='extend', type=Path, default=[],
dest='files_to_add', help='Add a new file to the list of check entries'
)
namespace = parser.parse_args()
cli_args = {k: v for k, v in vars(namespace).items()}
# Handle non-existing paths
for path in cli_args['files_to_add']:
if not path.exists():
raise FileNotFoundError(path)
if not path.is_file():
raise RuntimeError("Can't add a directory")
if not cli_args['checksum_file'].exists():
raise FileNotFoundError(cli_args['checksum_file'])
return cli_args
def main() -> int:
"""Run the program as intended, return the exit code"""
try:
run_parameters = parse_args(checksum_file_default=CHECKSUM_FILE)
except FileNotFoundError as exc:
path = exc.args[0]
print(
f'{colorama.Fore.RED}FileNotFoundError: {colorama.Fore.RESET}'
f"'{colorama.Fore.BLUE}{path}{colorama.Fore.RESET}' -> invalid path"
)
return 2
except RuntimeError as exc:
print(
f'{colorama.Fore.RED}{exc.__class__.__name__}: {colorama.Fore.RESET}'
f"'{colorama.Fore.BLUE}{exc}{colorama.Fore.RESET}'"
)
return 2
except SystemExit as exc:
return exc.code
if len(run_parameters["files_to_add"]) > 0:
for file_to_add in run_parameters["files_to_add"]:
checksum = _get_checksum(file_to_add)
try:
_update_checksum(
file_to_add, checksum,
run_parameters["checksum_file"],
new_entry=True
)
except SystemExit as e:
return e.code
print(
f"Added '{colorama.Fore.BLUE}{file_to_add}{colorama.Fore.RESET}': "
f"'{colorama.Fore.CYAN}{checksum}{colorama.Fore.RESET}'"
)
return 0 # don't proceed to check if we're adding files
# Run the check
mismatched_files = run_check(run_parameters["checksum_file"], run_parameters["verbose"])
if len(mismatched_files) == 0:
return 0 # all files are ok
print("\nFiles with mismatched checksums:")
prefix = f"{colorama.Fore.RED} - {colorama.Fore.RESET}"
unfixed = []
for mismatched_file in mismatched_files:
line = prefix + f"'{colorama.Fore.BLUE}{mismatched_file}{colorama.Fore.RESET}'"
if not run_parameters["update"]:
unfixed.append(mismatched_file)
print(line)
continue
if not update(
file_path=mismatched_file,
checksum_file=run_parameters["checksum_file"],
no_confirm=run_parameters["no_confirm"],
text=line
):
unfixed.append(mismatched_file)
if len(unfixed) > 0:
return 1
print(f'\n{colorama.Fore.GREEN}All checksums are correct')
return 0
if __name__ == '__main__':
exit_code = main()
try:
exit(exit_code) # exit gracefully, with silent exit code
except TypeError:
# Some python interpreters/extensions (such as IPython) don't like exit.
# sys.exit will raise a full exception and go to python traceback, exiting
# with code 1. The real exit code will be preserved in the traceback.
# This isn't ideal, but it's better than out of the place TypeError
# and with exit code 0, this will exit normally.
# CPython doesn't do this and most users will never experience this.
sys.exit(exit_code)

17
root/usr/local/share/tamper-check/checksums.json
View file

@ -1,17 +0,0 @@
{
"/etc/pam.d/system-auth": "89d62406b2d623a76d53c33aca98ce8ee124ed4a450ff6c8a44cfccca78baa2f",
"/etc/pam.d/su": "7d8962b4a2cd10cf4bc13da8949a4a6151b572d39e87b7125be55f882b16c4da",
"/etc/pam.d/sudo": "d1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2",
"/etc/passwd": "28d6bec52ac5b4957a2c30dfcd15008dc1a39665c27abce97408489f3dbf02c9",
"/etc/shadow": "a24f72cba4cbc6b0a8433da2f4b011f31345068e3e5d6bebed6fb6a35769bd59",
"/etc/ssh/sshd_config": "515db2484625122b4254472f7e673649e3d89b57577eaa29395017676735907b",
"/bin/sudo": "4ff88367f05a314a98cf69d9949d8ca6b266cee6b93e9ff4d553b399ea472264",
"/bin/su": "3101438405d98e71e9eb68fbc5a33536f1ad0dad5a1c8aacd6da6c95ef082194",
"/usr/bin/passwd": "d4df1659159737bb4c08a430d493d257d75cdd93e18427946265ae5862a714c7",
"/usr/bin/chsh": "6bc0ae69620dde18f7942e2573afb4a6200b10269612151f48f54ef8423a64fe",
"/usr/bin/chfn": "63178af1347a62f58874640d38d605d3cb1bebe8092533787965ba317e8b553b",
"/home/itsdrike/.ssh/authorized_keys": "674806197893dbf67d3c9ba3abf049d30e571de0c4b450fc9819d3e8b0f854cc",
"/boot/vmlinuz-linux": "fcd97f4aa96cce36e0bd5d69a6135741a37019b57157c97ffceaf9f5f0e86f32",
"/boot/grub/grub.cfg": "39a57270f03a2fbd89f8e99af101ba34380a216a2cb2150268538c84480bc69c",
"/efi/EFI/GRUB/grubx64.efi": "511141419219eeabb86f8f585d9a186094d3a449c9126d667fe8d37bddccb46c"
}

1
root/usr/local/src/dmenu

@ -1 +0,0 @@
Subproject commit 8d9d74e056ea918f02dd7d617486da6677f65e19

1
root/usr/local/src/z.lua

@ -1 +0,0 @@
Subproject commit a3d4f5db684ed6dfd3041e73d1d761f5fe944179

Some files were not shown because too many files have changed in this diff Show more