This are a strong privacy profiles for firejail and apparmor
A strong tight profile which has :
- A costom firewall
- gives a default dns
- privates every unnecessary folder
- for some untrusted software removes external partation access
- compleatelly removes root access
- filters seccomp
This proflie enforces all unwanted softwares from root and internet access.
also protects from boot time external script from running
- Just copy both profile to /etc/ directory
- run the following command
sudo firecfgsudo aa-enforce /etc/apparmor.d/*-
for apparmor make sure you have
apparmor-utilsinstalled depending on your distro
also make sure to check to set all necessary softwares to complain mode with
this following command :
sudo aa-complain the-necessary-software-name -
If a firejail profile fails to run a software or you need to run it in root with firejail. just use a text editor and
edit the profile by removing or adding # infront of the lines
which are:
noroot, seccomp, machine-id, ipc-namespace, nonewprivs, nogroups,
shell none, read-only, private-dev
-
- If you are running a server with sandbox firejail then add the port number of use to the following files :
tcpserver.net, webserver.net