ItsDrike/dotfiles
1
0
Fork 0
mirror of https://github.com/ItsDrike/dotfiles.git synced 2025-06-29 04:00:42 +00:00
Code Issues Projects Releases Packages Wiki Activity

Remove everything and restart blank

Browse source 
This commit removes all files currently present in the repo, to prepare
for a start from a nothing. This is done due to my recent migration from
X11 to Wayland, which has rendered most of these config files no longer
releveant.

I've currently been tracking my dotfiles in a separate repository, in
hopes to get it to a state where it would be mergable here, but that
turned out to be much more difficult than I anticipated, and I think it
will be much easier to simply move over the history from this temporary
repository I've been using onto this one. That however requires a start
from a clean point, which this commit creates.
This commit is contained in:
ItsDrike 2022-11-20 03:07:41 +01:00
parent eadb37961b
commit b912871070
No known key found for this signature in database
GPG key ID: B014E761034AF742
206 changed files with 0 additions and 15683 deletions
Download patch file Download diff file Expand all files Collapse all files

16
root/etc/NetworkManager/conf.d/random_mac.conf
View file

@ -1,16 +0,0 @@
[device-mac-randomization]
# "yes" is already the default for scanning
wifi.scan-rand-mac-address=yes
[connection-mac-randomization]
# Randomize MAC for every ethernet connection
ethernet.cloned-mac-address=random
# Generate a random MAC for each WiFi and associate the two permanently
wifi.cloned-mac-address=stable
# Opions:
# permanent: Use HardWare address
# preserve: Dont change the MAC address of the device upon activation
# stable: Randomize once and associate it permanently with that network
# random: Randomize MAC for every connection

7
root/etc/X11/xorg.conf.d/40-libinput.conf
View file

@ -1,7 +0,0 @@
Section "InputClass"
Identifier "libinput touchpad catchall"
MatchIsTouchpad "on"
MatchDevicePath "/dev/input/event*"
Driver "libinput"
Option "Tapping" "on"
EndSection

62
root/etc/default/grub
View file

@ -1,62 +0,0 @@
# GRUB boot loader configuration
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet"
GRUB_CMDLINE_LINUX="cryptdevice=UUID=9a400ce4-df98-43eb-b88c-009a359873a5:cryptroot:allow-discards lukskeyfile=UUID=80c09daa-c562-4242-90a9-8258f6442bec:/root-key"
# Grub should automatically detect the root UUID after decryption and set
# that as root, we could also use root=/dev/mapper/cryptroot cmdline arg,
# however that could lead to problems, since GRUB defines the root anyway,
# so we'd have 2 root definitions, we could also use the UUID manually by using
# root=7173b256-9d90-41f5-beac-4d01b3b5bbd5
# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"
# Uncomment to enable booting with LUKS encrypted /boot drive
#GRUB_ENABLE_CRYPTODISK=y
# Set to 'countdown' or 'hidden' to change timeout behavior,
# press ESC key to display menu.
GRUB_TIMEOUT_STYLE=menu
# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console
# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
GRUB_GFXMODE=auto
# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep
# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true
# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true
# Uncomment and set to the desired menu colors. Used by normal and wallpaper
# modes only. Entries specified as foreground/background.
#GRUB_COLOR_NORMAL="light-blue/black"
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/path/to/wallpaper"
#GRUB_THEME="/path/to/gfxtheme"
# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"
# Uncomment to make GRUB remember the last selection. This requires
# setting 'GRUB_DEFAULT=saved' above.
#GRUB_SAVEDEFAULT=true
# Uncomment to disable submenus in boot menu
#GRUB_DISABLE_SUBMENU=y

20
root/etc/doas.conf
View file

@ -1,20 +0,0 @@
# doas configuration file
# doas is a sudo-like utility without that many features
# which results in less potentional security vulnerabilities
# Allow all users in wheel group to execute a command
#permit :wheel
# Allow all users of the wheel group toperform actions
# as root without authentication
#permit nopass :wheel
# Don't require password for 5 minutes
# for all users of wheel group
permit persist :wheel
# Deny a user to execute a command
#deny itsdrike cmd fdisk
# Allow a user to use command without password
#permit nopass itsdrike cmd reboot

13
root/etc/grub.d/09_credentials
View file

@ -1,13 +0,0 @@
#!/bin/sh
exec tail -n +3 $0
# Setup GRUB credentials so that it isn't possible for anyone to change the
# boot parameters or use the command line, unless they know user/password pair
#set superusers="admin"
#password admin [unsafe plaintext password]
#password_pbkdf2 admin [safe grub-mkpasswd-pbkdf2 password]
# Make OS Entries unrestricted, so that they can be booted into without prompting
# for user/password pair set above
#menuentry_id_option="--unrestricted $menuentry_id_option"

12
root/etc/grub.d/40_custom
View file

@ -1,12 +0,0 @@
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
if [ ${grub_platform} == "efi" ]; then
menuentry "Firmware setup" {
fwsetup
}
fi

44
root/etc/hosts
View file

@ -1,44 +0,0 @@
# /etc/hosts: Local Host Database
# See hosts(5) for details
#
# This file describes a number of aliases-to-address mappings for the for
# local hosts that share this file.
#
# The format of lines in this file is:
#
# IP_ADDRESS canonical_hostname [aliases...]
#
# The fields can be separated by any number of spaces or tabs.
#
# In the presence of the domain name service or NIS, this file may not be
# consulted at all; see /etc/host.conf for the resolution order.
#
# According to RFC 1918, you can use the following IP networks for private
# nets which will never be connected to the Internet:
#
# 10.0.0.0 - 10.255.255.255
# 172.16.0.0 - 172.31.255.255
# 192.168.0.0 - 192.168.255.255
#
# In case you want to be able to connect directly to the Internet (i.e. not
# behind a NAT, ADSL router, etc...), you need real official assigned
# numbers. Do not try to invent your own network numbers but instead get one
# from your network provider (if any) or from your regional registry (ARIN,
# APNIC, LACNIC, RIPE NCC, or AfriNIC.)
#
# IPv4 and IPv6 localhost aliases
127.0.0.1 localhost ip4-localhost
::1 ip6-localhost
# Current system definition
127.0.1.1 pc.localdomain pc
# Extra systems on the network
10.1.0.1 localserver.localdomain localserver
# DNS servers
45.90.30.0 nextcloud-dns
1.1.1.1 couldflare-dns
1.0.0.1 cloudflare-dns2
8.8.8.8 google-dns

52
root/etc/initcpio/hooks/lukskeyfile
View file

@ -1,52 +0,0 @@
#!/bin/ash
run_hook() {
# This is a needed kernel parameter for this hook
if [ -n "$lukskeyfile" ]; then
modprobe -a -q loop dm-crypt >/dev/null 2>&1
# Refer to help from `mkinitcpio -H lukskeyfile`.
IFS=: read rootKeyDev rootKey cryptkeyLoc <<EOF
$lukskeyfile
EOF
if [ -z "${cryptkeyLoc}" ]; then
cryptkeyLoc=/crypto_keyfile.bin
fi
# Ask user whether to detect the device (detecting may
# take up a while and asking is faster)
while true; do
read -t5 -p "Use external key file? (default: yes, waiting 5s): " yn
if [ $? -gt 0 ]; then
echo "Timed out, assuming yes"
break
fi
case $yn in
[Yy]*)
break
;;
[Nn]*) return 0;;
"")
echo "Default (yes)"
break
;;
*) echo "Please answer yes or no.";;
esac
done
# Resolve and mount the device, in case we can't mount, show error
echo "Mounting device..."
if resoleved=$(resolve_device "${rootKeyDev}" $rootdelay); then
if mount -o noatime "${rootKeyDev}" /mnt>/dev/null 2>&1; then
# Copy the keyfile present in the device into the
# ramfs filesystem to be read by dm-crypt
cat "/mnt/${rootKey}" > "${cryptkeyLoc}"
else
echo "Failed to mount ${rootKeyDev} on /mnt"
/bin/sh
fi
else
echo "Failed to find ${rootKeyDev} containing LUKS root key."
fi
fi
}

27
root/etc/initcpio/install/lukskeyfile
View file

@ -1,27 +0,0 @@
#!/bin/bash
build() {
add_dir "/mnt"
add_module loop
add_module dm-crypt
add_runscript
}
help() {
cat <<EOF
Open root partition with LUKS root key present on internal
or external accessible non-encrypted partition.
To use this hook, specify lukskeyfile in kernel parameters.
This hook is designed to copy over the specified key file into
initramfs internal path designated as cryptkey by encrypt hook.
lukskeyfile=rootKeyDev:rootKey[:cryptkeyLoc]
rootKeyDev = /path/to/rootKeyDev, UUID=uuid-of-rootKeyDev
rootKey = /path/to/rootKey in rootKeyDev
cryptkeyLoc = /path/to/cryptkey in initramfs.
Default values
cryptkeyLoc=/crypto_keyfile.bin
EOF
}

69
root/etc/mkinitcpio.conf
View file

@ -1,69 +0,0 @@
# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run. Advanced users may wish to specify all system modules
# in this array. For instance:
# MODULES=(piix ide_disk reiserfs)
MODULES=()
# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image. This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=()
# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way. This is useful for config files.
FILES=()
# HOOKS
# This is the most important setting in this file. The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
## This setup specifies all modules in the MODULES setting above.
## No raid, lvm2, or encrypted root is needed.
# HOOKS=(base)
#
## This setup will autodetect all modules for your system and should
## work as a sane default
# HOOKS=(base udev autodetect block filesystems)
#
## This setup will generate a 'full' image which supports most systems.
## No autodetection is done.
# HOOKS=(base udev block filesystems)
#
## This setup assembles a pata mdadm array with an encrypted root FS.
## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
# HOOKS=(base udev block mdadm encrypt filesystems)
#
## This setup loads an lvm2 volume group on a usb device.
# HOOKS=(base udev block lvm2 filesystems)
#
## NOTE: If you have /usr on a separate partition, you MUST include the
# usr, fsck and shutdown hooks.
#
## Edits applied: numlock (requires mkinitcpio-numlock (AUR)), encrypt
HOOKS=(base udev autodetect keyboard numlock modconf block lukskeyfile encrypt filesystems fsck)
# COMPRESSION
# Use this to compress the initramfs image. By default, zstd compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="zstd"
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"
# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=()

1
root/etc/modprobe.d/blacklist.conf
View file

@ -1 +0,0 @@
blacklist pcspkr

16
root/etc/opensnitchd/rules/0 - Global Allow.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T14:38:21.237148571+01:00",
"updated": "2021-03-26T14:38:21.237217606+01:00",
"name": "0 - Global Allow",
"enabled": false,
"precedence": true,
"action": "allow",
"duration": "always",
"operator": {
"type": "regexp",
"operand": "process.path",
"sensitive": false,
"data": ".*",
"list": []
}
}

16
root/etc/opensnitchd/rules/1 - Local Network 1: Loopback IPv4.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T14:34:29.750639149+01:00",
"updated": "2021-03-26T14:34:29.750717553+01:00",
"name": "1 - Local Network 1: Loopback IPv4",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "network",
"operand": "dest.network",
"sensitive": false,
"data": "127.0.0.0/8",
"list": []
}
}

16
root/etc/opensnitchd/rules/1 - Local Network 1: Loopback IPv6.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T14:35:06.471042752+01:00",
"updated": "2021-03-26T14:35:06.471104722+01:00",
"name": "1 - Local Network 1: Loopback IPv6",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "network",
"operand": "dest.network",
"sensitive": false,
"data": "::1/128",
"list": []
}
}

16
root/etc/opensnitchd/rules/1 - Local Network 2: IPv4.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T13:55:13.918975568+01:00",
"updated": "2021-03-26T13:55:13.919048389+01:00",
"name": "1 - Local Network 2: IPv4",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "network",
"operand": "dest.network",
"sensitive": false,
"data": "192.0.0.0/8",
"list": []
}
}

16
root/etc/opensnitchd/rules/1 - Local Network 2: IPv6.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T14:35:19.095504822+01:00",
"updated": "2021-03-26T14:35:19.095575256+01:00",
"name": "1 - Local Network 2: IPv6",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "network",
"operand": "dest.network",
"sensitive": false,
"data": "ff00::/8",
"list": []
}
}

16
root/etc/opensnitchd/rules/1 - Local Network 3: Multicast.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T14:35:34.624303764+01:00",
"updated": "2021-03-26T14:35:34.624381925+01:00",
"name": "1 - Local Network 3: Multicast",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "network",
"operand": "dest.network",
"sensitive": false,
"data": "224.0.0.0/8",
"list": []
}
}

38
root/etc/opensnitchd/rules/2 - DNS 1: CloudFlare.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:05:47.752157095+01:00",
"updated": "2021-03-26T14:05:47.752306682+01:00",
"name": "2 - DNS 1: CloudFlare",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"53\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.ip\", \"data\": \"(1\\\\.1\\\\.1\\\\.1)|(1\\\\.0\\\\.0\\\\.1)\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "53",
"list": null
},
{
"type": "regexp",
"operand": "dest.ip",
"sensitive": false,
"data": "(1\\.1\\.1\\.1)|(1\\.0\\.0\\.1)",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/2 - DNS 2: Local NameServer.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:11:37.6695327+01:00",
"updated": "2021-03-26T14:11:37.669693753+01:00",
"name": "2 - DNS 2: Local NameServer",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"53\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.ip\", \"data\": \"192.168.0.1\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "53",
"list": null
},
{
"type": "simple",
"operand": "dest.ip",
"sensitive": false,
"data": "192.168.0.1",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/3 - Clord (color management daemon).json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:54:35.691185369+01:00",
"updated": "2021-03-26T14:54:35.691334733+01:00",
"name": "3 - Clord (color management daemon)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/colord-sane\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.ip\", \"data\": \"255.255.255.255\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"user.id\", \"data\": \"974\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/colord-sane",
"list": null
},
{
"type": "simple",
"operand": "dest.ip",
"sensitive": false,
"data": "255.255.255.255",
"list": null
},
{
"type": "simple",
"operand": "user.id",
"sensitive": false,
"data": "974",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/3 - NetworkManager HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:25:45.324185722+01:00",
"updated": "2021-03-26T14:25:45.324300946+01:00",
"name": "3 - NetworkManager HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/NetworkManager\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/NetworkManager",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

45
root/etc/opensnitchd/rules/3 - Resolver: Avahi Daemon (Multicast DNS).json
View file

@ -1,45 +0,0 @@
{
"created": "2021-03-26T14:32:52.844859434+01:00",
"updated": "2021-03-26T14:32:52.845014247+01:00",
"name": "3 - Resolver: Avahi Daemon (Multicast DNS)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/avahi-daemon\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"5353\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.ip\", \"data\": \"^(ff02::fb|224\\\\.0\\\\.0\\\\.251)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/avahi-daemon",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "5353",
"list": null
},
{
"type": "regexp",
"operand": "dest.ip",
"sensitive": false,
"data": "^(ff02::fb|224\\.0\\.0\\.251)$",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/3 - Resolver: Systemd Resolved (TCP DNS).json
View file

@ -1,38 +0,0 @@
{
"created": "2021-04-07T07:30:07.18439781+02:00",
"updated": "2021-04-07T07:30:07.184496636+02:00",
"name": "3 - Resolver: Systemd Resolved (TCP DNS)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/systemd/systemd-resolved\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"853\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.ip\", \"data\": \"116.202.176.26\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/systemd/systemd-resolved",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "853",
"list": null
},
{
"type": "simple",
"operand": "dest.ip",
"sensitive": false,
"data": "116.202.176.26",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/3 - Resolver: Systemd Resolved (Unicast DNS).json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T14:36:45.353178364+01:00",
"updated": "2021-03-26T14:36:45.353306158+01:00",
"name": "3 - Resolver: Systemd Resolved (Unicast DNS)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/systemd/systemd-resolved\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"53\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/systemd/systemd-resolved",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "53",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/3 - Time Synchronization.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T14:31:12.698421478+01:00",
"updated": "2021-03-26T14:31:12.698577981+01:00",
"name": "3 - Time Synchronization",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/systemd/systemd-timesyncd\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/systemd/systemd-timesyncd",
"list": null
}
]
}
}

45
root/etc/opensnitchd/rules/4 - Arch-Audit HTTPS.json
View file

@ -1,45 +0,0 @@
{
"created": "2021-03-26T14:53:45.452433311+01:00",
"updated": "2021-03-26T14:53:45.452584115+01:00",
"name": "4 - Arch-Audit HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/arch-audit\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.host\", \"data\": \"security.archlinux.org\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/arch-audit",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
},
{
"type": "simple",
"operand": "dest.host",
"sensitive": false,
"data": "security.archlinux.org",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/4 - Curl HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:52:55.594720808+01:00",
"updated": "2021-03-26T14:52:55.594848089+01:00",
"name": "4 - Curl HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/curl\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/curl",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/4 - Flatpak.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-04-01T03:02:23.608460294+02:00",
"updated": "2021-04-01T03:02:23.608585046+02:00",
"name": "4 - Flatpak",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/flatpak\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/flatpak",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/4 - Git All.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T14:53:18.08440206+01:00",
"updated": "2021-03-26T14:53:18.084531091+01:00",
"name": "4 - Git All",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"process.path\", \"data\": \"(\\\\/usr\\\\/bin\\\\/git)|(\\\\/usr\\\\/lib\\\\/git-core\\\\/git-remote-https?)\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "regexp",
"operand": "process.path",
"sensitive": false,
"data": "(\\/usr\\/bin\\/git)|(\\/usr\\/lib\\/git-core\\/git-remote-https?)",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/4 - Nslookup.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-07T07:32:01.871499604+02:00",
"updated": "2021-04-07T07:32:01.871618908+02:00",
"name": "4 - Nslookup",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/nslookup",
"list": []
}
}

38
root/etc/opensnitchd/rules/4 - Pacman HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-04-01T02:59:52.127387559+02:00",
"updated": "2021-04-01T02:59:52.127534491+02:00",
"name": "4 - Pacman HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/pacman\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/pacman",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/4 - Pkgfile HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:53:36.851205357+01:00",
"updated": "2021-03-26T14:53:36.851336407+01:00",
"name": "4 - Pkgfile HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/pkgfile\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/pkgfile",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/4 - SSH.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T14:55:32.627718743+01:00",
"updated": "2021-03-26T14:55:32.627823529+01:00",
"name": "4 - SSH",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/ssh\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/ssh",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/4 - Wget HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:52:45.386672313+01:00",
"updated": "2021-03-26T14:52:45.386820625+01:00",
"name": "4 - Wget HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/wget\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/wget",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/4 - Yay (AUR) HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:52:25.658707558+01:00",
"updated": "2021-03-26T14:52:25.658876726+01:00",
"name": "4 - Yay (AUR) HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/yay\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/yay",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/5 - KDE Discover HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-04-01T03:00:23.962712398+02:00",
"updated": "2021-04-01T03:00:23.962833202+02:00",
"name": "5 - KDE Discover HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"process.path\", \"data\": \"^(\\\\/usr\\\\/bin\\\\/plasma-discover|\\\\/usr\\\\/lib\\\\/DiscoverNotifier)$\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "regexp",
"operand": "process.path",
"sensitive": false,
"data": "^(\\/usr\\/bin\\/plasma-discover|\\/usr\\/lib\\/DiscoverNotifier)$",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/5 - KDE Init (Widgets) HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:01:40.246561989+01:00",
"updated": "2021-03-26T15:01:40.24674061+01:00",
"name": "5 - KDE Init (Widgets) HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/kdeinit5\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/kdeinit5",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/5 - KDE Plasmashell.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-01T02:54:46.246760182+02:00",
"updated": "2021-04-01T02:54:46.246834823+02:00",
"name": "5 - KDE Plasmashell",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/plasmashell",
"list": []
}
}

38
root/etc/opensnitchd/rules/5 - KDE Telemetry.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:58:25.517342143+01:00",
"updated": "2021-03-26T14:58:25.517486366+01:00",
"name": "5 - KDE Telemetry",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/plasmashell\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.host\", \"data\": \"telemetry.kde.org\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/plasmashell",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
},
{
"type": "simple",
"operand": "dest.host",
"sensitive": false,
"data": "telemetry.kde.org",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/5 - KScreenLocker Greet HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T14:58:41.453127782+01:00",
"updated": "2021-03-26T14:58:41.453247154+01:00",
"name": "5 - KScreenLocker Greet HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/kscreenlocker_greet\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/kscreenlocker_greet",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/5 - Plasma Browser Integration HTTPS.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T14:58:51.013216555+01:00",
"updated": "2021-03-26T14:58:51.013358956+01:00",
"name": "5 - Plasma Browser Integration HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/plasma-browser-integration-host\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/plasma-browser-integration-host",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/5 - VirtualBox ALL.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:06:09.065865819+01:00",
"updated": "2021-03-26T15:06:09.065936078+01:00",
"name": "5 - VirtualBox ALL",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/virtualbox/VirtualBoxVM",
"list": []
}
}

38
root/etc/opensnitchd/rules/6 - Caprine 1 - UDP.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:05:34.481391307+01:00",
"updated": "2021-03-26T15:05:34.481508413+01:00",
"name": "6 - Caprine 1 - UDP",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.command\", \"data\": \"/usr/lib/electron/electron /usr/bin/caprine\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"53\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.command",
"sensitive": false,
"data": "/usr/lib/electron/electron /usr/bin/caprine",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "53",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/6 - Caprine 2 - IP Grabbers.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:05:42.793872103+01:00",
"updated": "2021-03-26T15:05:42.793987628+01:00",
"name": "6 - Caprine 2 - IP Grabbers",
"enabled": true,
"precedence": true,
"action": "deny",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.command\", \"data\": \"/usr/lib/electron/electron /usr/bin/caprine\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.host\", \"data\": \"(icanhazip.com|myip.opendns.com|api.ipify.org)\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.command",
"sensitive": false,
"data": "/usr/lib/electron/electron /usr/bin/caprine",
"list": null
},
{
"type": "regexp",
"operand": "dest.host",
"sensitive": false,
"data": "(icanhazip.com|myip.opendns.com|api.ipify.org)",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Chromium 1 - HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:02:22.863576228+01:00",
"updated": "2021-03-26T15:02:22.863723433+01:00",
"name": "6 - Chromium 1 - HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/chromium/chromium\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/chromium/chromium",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/6 - Chromium 2 - UDP.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:00:30.758958286+01:00",
"updated": "2021-03-26T15:00:30.759131117+01:00",
"name": "6 - Chromium 2 - UDP",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/chromium/chromium\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/chromium/chromium",
"list": null
}
]
}
}

45
root/etc/opensnitchd/rules/6 - Chromium 3 - Google DNS.json
View file

@ -1,45 +0,0 @@
{
"created": "2021-03-26T15:00:39.45302295+01:00",
"updated": "2021-03-26T15:00:39.453105125+01:00",
"name": "6 - Chromium 3 - Google DNS",
"enabled": true,
"precedence": true,
"action": "deny",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/chromium/chromium\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"5228\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.host\", \"data\": \"mtalk.google.com\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/chromium/chromium",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "5228",
"list": null
},
{
"type": "simple",
"operand": "dest.host",
"sensitive": false,
"data": "mtalk.google.com",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Discord 1 - HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:00:47.05534584+01:00",
"updated": "2021-03-26T15:00:47.055503114+01:00",
"name": "6 - Discord 1 - HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/discord/Discord\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/discord/Discord",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/6 - Discord 2 - UDP.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:00:54.726404116+01:00",
"updated": "2021-03-26T15:00:54.726525934+01:00",
"name": "6 - Discord 2 - UDP",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/discord/Discord\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/discord/Discord",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Electron HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:03:20.472154851+01:00",
"updated": "2021-03-26T15:03:20.472291079+01:00",
"name": "6 - Electron HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/electron/electron\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/electron/electron",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Firefox 1 - HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:01:03.878891592+01:00",
"updated": "2021-03-26T15:01:03.879007456+01:00",
"name": "6 - Firefox 1 - HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/firefox/firefox\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/firefox/firefox",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/6 - Firefox 2 - UDP.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:01:21.022762959+01:00",
"updated": "2021-03-26T15:01:21.022899201+01:00",
"name": "6 - Firefox 2 - UDP",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/firefox/firefox\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/firefox/firefox",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/6 - Firefox 3 - PingSender.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:01:27.902723849+01:00",
"updated": "2021-03-26T15:01:27.902798768+01:00",
"name": "6 - Firefox 3 - PingSender",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/firefox/pingsender",
"list": []
}
}

31
root/etc/opensnitchd/rules/6 - Gimagereader HTTPS.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:06:47.786430608+01:00",
"updated": "2021-03-26T15:06:47.786567338+01:00",
"name": "6 - Gimagereader HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/gimagereader-qt5\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/gimagereader-qt5",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/6 - Go (language).json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:10:53.909451068+01:00",
"updated": "2021-03-26T15:10:53.90953488+01:00",
"name": "6 - Go (language)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/go/bin/go",
"list": []
}
}

38
root/etc/opensnitchd/rules/6 - LibreWolf HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-04-02T23:28:24.475396074+02:00",
"updated": "2021-04-02T23:28:24.475553501+02:00",
"name": "6 - LibreWolf HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/lib/librewolf/librewolf\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/lib/librewolf/librewolf",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Python HTTP+S.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:10:46.661735004+01:00",
"updated": "2021-03-26T15:10:46.66187107+01:00",
"name": "6 - Python HTTP+S",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"process.path\", \"data\": \"/usr/bin/python*\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(80|443)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "regexp",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/python*",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(80|443)$",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/6 - QBitTorrent.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:03:59.240296743+01:00",
"updated": "2021-03-26T15:03:59.240369823+01:00",
"name": "6 - QBitTorrent",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/qbittorrent",
"list": []
}
}

38
root/etc/opensnitchd/rules/6 - Qalculate HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:03:51.080504273+01:00",
"updated": "2021-03-26T15:03:51.080636184+01:00",
"name": "6 - Qalculate HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/qalculate-gtk\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/qalculate-gtk",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/6 - Spotify 1 - needed.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:01:53.487069746+01:00",
"updated": "2021-03-26T15:01:53.487181823+01:00",
"name": "6 - Spotify 1 - needed",
"enabled": true,
"precedence": true,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/spotify/spotify\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.host\", \"data\": \"^(.*\\\\.?spotify\\\\.com)|(audio.+spotify.+\\\\.akamaized\\\\.net)|(.*\\\\.?scdn\\\\.co)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/spotify/spotify",
"list": null
},
{
"type": "regexp",
"operand": "dest.host",
"sensitive": false,
"data": "^(.*\\.?spotify\\.com)|(audio.+spotify.+\\.akamaized\\.net)|(.*\\.?scdn\\.co)$",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/6 - Spotify 2 - ads+telemetry.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:02:02.343313434+01:00",
"updated": "2021-03-26T15:02:02.343390075+01:00",
"name": "6 - Spotify 2 - ads+telemetry",
"enabled": true,
"precedence": false,
"action": "deny",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/spotify/spotify",
"list": []
}
}

31
root/etc/opensnitchd/rules/6 - Spotify 3 - internal ads+telemetry.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:02:16.687208851+01:00",
"updated": "2021-03-26T15:02:16.687359725+01:00",
"name": "6 - Spotify 3 - internal ads+telemetry",
"enabled": false,
"precedence": true,
"action": "deny",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/spotify/spotify\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.host\", \"data\": \"^(ads(-.+)?\\\\.spotify\\\\.com)|(advancedtracker\\\\.spotify\\\\.com)|(analytics\\\\.spotify\\\\.com)|adlab\\\\.spotify\\\\.com|(crashdump(\\\\..+)?\\\\.spotify\\\\.com)|(log\\\\.spotify\\\\.com)|(log2\\\\.spotify\\\\.com)$\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/spotify/spotify",
"list": null
},
{
"type": "regexp",
"operand": "dest.host",
"sensitive": false,
"data": "^(ads(-.+)?\\.spotify\\.com)|(advancedtracker\\.spotify\\.com)|(analytics\\.spotify\\.com)|adlab\\.spotify\\.com|(crashdump(\\..+)?\\.spotify\\.com)|(log\\.spotify\\.com)|(log2\\.spotify\\.com)$",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/6 - Tor Browser ALL.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:02:09.109657936+01:00",
"updated": "2021-03-26T15:02:09.109691483+01:00",
"name": "6 - Tor Browser ALL",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/home/itsdrike/.config/tor-browser/app/Browser/TorBrowser/Tor/tor",
"list": []
}
}

16
root/etc/opensnitchd/rules/6 - Tor service.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:04:19.984514998+01:00",
"updated": "2021-03-26T15:04:19.984594133+01:00",
"name": "6 - Tor service",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/tor",
"list": []
}
}

38
root/etc/opensnitchd/rules/6 - VSCode HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:04:13.753378423+01:00",
"updated": "2021-03-26T15:04:13.75353041+01:00",
"name": "6 - VSCode HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"process.path\", \"data\": \"(\\\\/opt\\\\/visual-studio-code\\\\/code)|(\\\\/home\\\\/.+\\\\/\\\\.local\\\\/share\\\\/vscode\\\\/.+)\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "regexp",
"operand": "process.path",
"sensitive": false,
"data": "(\\/opt\\/visual-studio-code\\/code)|(\\/home\\/.+\\/\\.local\\/share\\/vscode\\/.+)",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Xsane (scanner software).json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:07:51.203426947+01:00",
"updated": "2021-03-26T15:07:51.203586715+01:00",
"name": "6 - Xsane (scanner software)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/xsane\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"161\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.ip\", \"data\": \"255.255.255.255\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/xsane",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "161",
"list": null
},
{
"type": "simple",
"operand": "dest.ip",
"sensitive": false,
"data": "255.255.255.255",
"list": null
}
]
}
}

38
root/etc/opensnitchd/rules/6 - Zoom 1: needed.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:07:34.123428308+01:00",
"updated": "2021-03-26T15:07:34.123557306+01:00",
"name": "6 - Zoom 1: needed",
"enabled": true,
"precedence": true,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/zoom/zoom\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.port\", \"data\": \"^(8801|443)$\", \"sensitive\": false}, {\"type\": \"regexp\", \"operand\": \"dest.host\", \"data\": \".*\\\\.zoom\\\\.us\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/zoom/zoom",
"list": null
},
{
"type": "regexp",
"operand": "dest.port",
"sensitive": false,
"data": "^(8801|443)$",
"list": null
},
{
"type": "regexp",
"operand": "dest.host",
"sensitive": false,
"data": ".*\\.zoom\\.us",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/6 - Zoom 2: telemetry.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:07:42.402689917+01:00",
"updated": "2021-03-26T15:07:42.40277358+01:00",
"name": "6 - Zoom 2: telemetry",
"enabled": true,
"precedence": false,
"action": "deny",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/zoom/zoom",
"list": []
}
}

16
root/etc/opensnitchd/rules/6 - mpv.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-02T23:52:36.689049623+02:00",
"updated": "2021-04-02T23:52:36.689121835+02:00",
"name": "6 - mpv",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/mpv",
"list": []
}
}

16
root/etc/opensnitchd/rules/7 - DirMngr (Accessing OpenPGP Keyservers).json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-02T23:27:40.492145563+02:00",
"updated": "2021-04-02T23:27:40.492220477+02:00",
"name": "7 - DirMngr (Accessing OpenPGP Keyservers)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/dirmngr",
"list": []
}
}

38
root/etc/opensnitchd/rules/7 - DownloadHelper HTTPS.json
View file

@ -1,38 +0,0 @@
{
"created": "2021-03-26T15:06:58.026583665+01:00",
"updated": "2021-03-26T15:06:58.026700643+01:00",
"name": "7 - DownloadHelper HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/local/net.downloadhelper.coapp-1.6.1/bin/net.downloadhelper.coapp-linux-64\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/local/net.downloadhelper.coapp-1.6.1/bin/net.downloadhelper.coapp-linux-64",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/7 - Exodus HTTPS.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:06:00.313939576+01:00",
"updated": "2021-03-26T15:06:00.314088658+01:00",
"name": "7 - Exodus HTTPS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/exodus/Exodus\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/exodus/Exodus",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/7 - GImageReader.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-01T02:54:28.868922664+02:00",
"updated": "2021-04-01T02:54:28.868997421+02:00",
"name": "7 - GImageReader",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/gimagereader-qt5",
"list": []
}
}

31
root/etc/opensnitchd/rules/7 - Google Remote Desktop (Start).json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:08:32.002388702+01:00",
"updated": "2021-03-26T15:08:32.002444202+01:00",
"name": "7 - Google Remote Desktop (Start)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/google/chrome-remote-desktop/start-host\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/google/chrome-remote-desktop/start-host",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/7 - Google Remote Desktop (host).json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:08:40.676085602+01:00",
"updated": "2021-03-26T15:08:40.676199845+01:00",
"name": "7 - Google Remote Desktop (host)",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/google/chrome-remote-desktop/chrome-remote-desktop-host\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"3478\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/google/chrome-remote-desktop/chrome-remote-desktop-host",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "3478",
"list": null
}
]
}
}

31
root/etc/opensnitchd/rules/7 - Google remote desktop host HTTPS.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:08:48.779949158+01:00",
"updated": "2021-03-26T15:08:48.78007234+01:00",
"name": "7 - Google remote desktop host HTTPS",
"enabled": false,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/opt/google/chrome-remote-desktop/chrome-remote-desktop-host\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/google/chrome-remote-desktop/chrome-remote-desktop-host",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/7 - MailSpring 2: mailsync.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-02T23:29:38.186802771+02:00",
"updated": "2021-04-02T23:29:38.186899772+02:00",
"name": "7 - MailSpring 2: mailsync",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/share/mailspring/resources/app.asar.unpacked/mailsync.bin",
"list": []
}
}

16
root/etc/opensnitchd/rules/7 - MailSpring.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-04-02T23:29:09.554510897+02:00",
"updated": "2021-04-02T23:29:09.554599422+02:00",
"name": "7 - MailSpring",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/share/mailspring/mailspring",
"list": []
}
}

16
root/etc/opensnitchd/rules/7 - NMap.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-27T22:17:47.411966515+01:00",
"updated": "2021-03-27T22:17:47.412029252+01:00",
"name": "7 - NMap",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/nmap",
"list": []
}
}

45
root/etc/opensnitchd/rules/7 - OBS.json
View file

@ -1,45 +0,0 @@
{
"created": "2021-03-26T15:06:19.416884298+01:00",
"updated": "2021-03-26T15:06:19.416964918+01:00",
"name": "7 - OBS",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/obs\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"443\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.host\", \"data\": \"obsproject.com\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/obs",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "443",
"list": null
},
{
"type": "simple",
"operand": "dest.host",
"sensitive": false,
"data": "obsproject.com",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/7 - Portmaster ALL.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:09:05.172414932+01:00",
"updated": "2021-03-26T15:09:05.172493217+01:00",
"name": "7 - Portmaster ALL",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "regexp",
"operand": "process.path",
"sensitive": false,
"data": "\\/var\\/lib\\/portmaster\\/.*",
"list": []
}
}

31
root/etc/opensnitchd/rules/7 - Postgres UDP.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-03-26T15:07:12.074594056+01:00",
"updated": "2021-03-26T15:07:12.074724626+01:00",
"name": "7 - Postgres UDP",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"udp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/postgres\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "udp",
"list": null
},
{
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/usr/bin/postgres",
"list": null
}
]
}
}

16
root/etc/opensnitchd/rules/7 - Postman.json
View file

@ -1,16 +0,0 @@
{
"created": "2021-03-26T15:07:20.01066125+01:00",
"updated": "2021-03-26T15:07:20.010747563+01:00",
"name": "7 - Postman",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "process.path",
"sensitive": false,
"data": "/opt/postman/app/_Postman",
"list": []
}
}

31
root/etc/opensnitchd/rules/7 - SSH 22.json
View file

@ -1,31 +0,0 @@
{
"created": "2021-04-07T07:53:12.922862432+02:00",
"updated": "2021-04-07T07:53:12.922993954+02:00",
"name": "7 - SSH 22",
"enabled": true,
"precedence": false,
"action": "allow",
"duration": "always",
"operator": {
"type": "list",
"operand": "list",
"sensitive": false,
"data": "[{\"type\": \"simple\", \"operand\": \"protocol\", \"data\": \"tcp\", \"sensitive\": false}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"22\", \"sensitive\": false}]",
"list": [
{
"type": "simple",
"operand": "protocol",
"sensitive": false,
"data": "tcp",
"list": null
},
{
"type": "simple",
"operand": "dest.port",
"sensitive": false,
"data": "22",
"list": null
}
]
}
}

105
root/etc/pacman.conf
View file

@ -1,105 +0,0 @@
#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives
#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir = /
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg =
#IgnoreGroup =
#NoUpgrade =
#NoExtract =
# Misc options
#UseSyslog
Color
CheckSpace
VerbosePkgLists
#DisableDownloadTimeout
#ILoveCandy
ParallelDownloads = 8
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required
# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
#
# REPOSITORIES
# - can be defined here or included from another file
# - pacman will search repositories in the order defined here
# - local/custom mirrors can be added here or in separate files
# - repositories listed first will take precedence when packages
# have identical names, regardless of version number
# - URLs will have $repo replaced by the name of the current repo
# - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
# [repo-name]
# Server = ServerName
# Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#
# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.
# Use blackarch first, so that other indices can take precedence in
# versions, usually core/extra/community/multilib have newer versions
# in comparison to blackarch index
#[testing]
#Include = /etc/pacman.d/mirrorlist
[core]
Include = /etc/pacman.d/mirrorlist
[extra]
Include = /etc/pacman.d/mirrorlist
#[community-testing]
#Include = /etc/pacman.d/mirrorlist
[community]
Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repositories as required here.
#[multilib-testing]
#Include = /etc/pacman.d/mirrorlist
[multilib]
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

45
root/etc/profile
View file

@ -1,45 +0,0 @@
# /etc/profile
# Set umask, 027 might be too strict for some people. if that's the case
# you can fall back to 022 (allowing others to read everything by default)
# or even to 002 (allowing groups to write into files just like owners)
umask 022
# Append "$1" to $PATH when not already in.
# This function API is accessible to scripts in /etc/profile.d
append_path () {
case ":$PATH:" in
*:"$1":*)
;;
*)
PATH="${PATH:+$PATH:}$1"
esac
}
# Append our default paths
append_path '/sbin'
append_path '/usr/sbin'
append_path '/bin'
append_path '/usr/bin'
append_path '/usr/local/sbin'
append_path '/usr/local/bin'
# Force PATH to be environment
export PATH
# Load profiles from /etc/profile.d
if test -d /etc/profile.d/; then
for profile in /etc/profile.d/*.sh; do
test -r "$profile" && . "$profile"
done
unset profile
fi
# Unload our profile API functions
unset -f append_path
# Termcap is outdated, old, and crusty, kill it.
unset TERMCAP
# Man is much better than us at figuring this out
unset MANPATH

14
root/etc/resolv.conf
View file

@ -1,14 +0,0 @@
# DNS configuration, NetworkManager tends to override this
# but setting immutable flag to this file fixes that.
# This can be done by running chattr +i /etc/resolv.conf
# Prefer local pihole server, if aviable
nameserver 192.168.0.10
# Fallback on common DNS servers, in this order:
# NextDNS -> CloudFlare DNS -> ISP default DNS
nameserver 45.90.30.0
nameserver 1.1.1.1
nameserver 1.0.0.1
nameserver 127.0.0.1
nameserver ::1

99
root/etc/sudoers
View file

@ -1,99 +0,0 @@
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##
##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias WEBSERVERS = www1, www2, www3
##
## User alias specification
##
## Groups of users. These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias ADMINS = millert, dowdy, mikef
##
## Cmnd alias specification
##
## Groups of commands. Often used to group related commands together.
# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# /usr/bin/pkill, /usr/bin/top
# Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
##
## Defaults specification
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file. Note that other programs use HOME to find
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods. Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to use a hard-coded PATH instead of the user's to find commands
# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
##
## Uncomment to send mail if the user does not enter the correct password.
# Defaults mail_badpass
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
Defaults log_output
Defaults!/usr/bin/sudoreplay !log_output
Defaults!/usr/local/bin/sudoreplay !log_output
Defaults!REBOOT !log_output
# Add some fine insults
Defaults insults
##
## Runas alias specification
##
##
## User privilege specification
##
root ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
## Read drop-in files from /etc/sudoers.d
@includedir /etc/sudoers.d

2
root/etc/sudoers.d/brightness-mod
View file

@ -1,2 +0,0 @@
ALL ALL=(ALL) NOPASSWD: /usr/bin/tee /sys/class/backlight/intel_backlight/brightness

4
root/etc/sudoers.d/poweroff
View file

@ -1,4 +0,0 @@
ALL ALL=(ALL) NOPASSWD: /sbin/poweroff
ALL ALL=(ALL) NOPASSWD: /sbin/shutdown
ALL ALL=(ALL) NOPASSWD: /sbin/reboot

14
root/etc/systemd/system/paccache.timer
View file

@ -1,14 +0,0 @@
# Clean pacman cache of old and uninstalled packages every month
# This needs to be started by running `systemctl start paccache.timer`
# Usage requires `pacman-contrib` package to be installed
[Unit]
Description=Clean-up old pacman pkg
[Timer]
OnCalendar=weekly
AccuracySec=1h
Persistent=true
[Install]
WantedBy=timers.target