chadmed/gentoo-asahi-releng
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

tools-hardened: desktop scripts migrated to GRS

Browse source 
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
This commit is contained in:
Anthony G. Basile 2020-12-19 15:33:19 -05:00
parent c6a9395dbb
commit f3a6d7dac5
No known key found for this signature in database
GPG key ID: 9384FA6EF52D4BBA
102 changed files with 0 additions and 41793 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
tools-hardened/desktop/README
View file

@ -1,51 +0,0 @@
Kernel Requirements:
====================
On the host system, these packages need to be installed:
* sys-kernel/hardened-sources-4.0.4-r3
* >=sys-kernel/linux-firmware-20131230
* sys-kernel/genkernel
Once you emerge these things, create a symbolic link of the hardened-sources
to point to "/usr/src/linux-tinhat".
After this you need to apply the Loop-AES patch by doing the following:
* cp ./configs/loop-AES-kernel.patch /usr/src/linux-tinhat/
Then apply the patch:
* cd /usr/src/linux-tinhat
* rm -f drivers/block/loop.c include/linux/loop.h
* patch -p1 < loop-AES-kernel.patch
Stage 3 tarball:
================
TinHat relies on a stage 3 tarball as it's seed to begin the chroot.
By default, it expects to see the tarball in:
"/var/tmp/catalyst/builds/hardened/amd64/stage3-amd64-hardened-latest.tar.bz2"
You can however inform TinHat of your own location of choice by passing it
as an environment variable: "STAGE3".
Feel free to grab a hardened amd64 stage3 of your choice at:
http://distfiles.gentoo.org/releases/amd64/autobuilds/
To run:
=======
ex.) STAGE3="/ministry/of/silly/walks/evil-rabbit.tar.bz2" ./<DM>-run.sh
or without the STAGE3 environment variable.
ex.) ./<DM-run.sh
Where <DM> is a desktop manager of three flavors of choice:
* Fluxbox
* Gnome3
* Xfce4
When your ISO is built, you can clean up by removing the th-<ARCH>-<DM>/
directory as it is no longer needed.
Enjoy! ;)

9
tools-hardened/desktop/configs/ABOUT.html
View file

@ -1,9 +0,0 @@
<HTML>
<HEAD>
<TITLE>Welcome to Tin Hat Linux</TITLE>
<META HTTP-EQUIV="refresh" content="10;URL=http://opensource.dyc.edu/tinhat">
</HEAD>
<BODY>
Redirecting to <A HREF="http://opensource.dyc.edu/tinhat">http://opensource.dyc.edu/tinhat</A> in 10 seconds ...
</BODY>
</HTML>

44
tools-hardened/desktop/configs/init
View file

@ -1,44 +0,0 @@
#!/bin/sh
/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -o remount,rw /
/bin/mknod /dev/null c 1 3
/bin/mknod /dev/tty c 5 0
echo
echo "Waiting for slow devices ... "
echo
sleep 10
mdev -s
FOUND=''
for CDROM in hda hdb hdc hdd sr0 sr1 sr2 sr3 sda1 sdb1 sdc1 sdd1 sde1 sdf1 sdg1
do
if [ "x$FOUND" == "x" ]
then
/bin/mount /dev/${CDROM} /mnt/cdrom
[ -f /mnt/cdrom/tinroot ] && FOUND=$CDROM || /bin/umount /dev/${CDROM}
fi
done
if [ "x$FOUND" == "x" ]
then
echo "Boot device not found, very confusing"
echo "Dropping to shell"
exec /bin/sh
fi
/bin/mount -o loop -t squashfs /mnt/cdrom/tinroot /mnt/squashfs
/bin/mount -o size=6g,nr_inodes=2m,mode=755 -t tmpfs none /mnt/tmpfs
/bin/cp -a /mnt/squashfs/* /mnt/tmpfs/
/bin/umount /mnt/squashfs
/bin/umount /mnt/cdrom
/bin/umount /sys
/bin/umount /proc
exec /sbin/switch_root /mnt/tmpfs /usr/lib/systemd/systemd

44
tools-hardened/desktop/configs/init.1
View file

@ -1,44 +0,0 @@
#!/bin/sh
/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -o remount,rw /
/bin/mknod /dev/null c 1 3
/bin/mknod /dev/tty c 5 0
echo
echo "Waiting for slow devices ... "
echo
sleep 10
mdev -s
FOUND=''
for CDROM in hda hdb hdc hdd sr0 sr1 sr2 sr3 sda1 sdb1 sdc1 sdd1 sde1 sdf1 sdg1
do
if [ "x$FOUND" == "x" ]
then
/bin/mount /dev/${CDROM} /mnt/cdrom
[ -f /mnt/cdrom/tinroot ] && FOUND=$CDROM || /bin/umount /dev/${CDROM}
fi
done
if [ "x$FOUND" == "x" ]
then
echo "Boot device not found, very confusing"
echo "Dropping to shell"
exec /bin/sh
fi
/bin/mount -o loop -t squashfs /mnt/cdrom/tinroot /mnt/squashfs
/bin/mount -o size=3g,nr_inodes=1m,mode=755 -t tmpfs none /mnt/tmpfs
/bin/cp -a /mnt/squashfs/* /mnt/tmpfs/
/bin/umount /mnt/squashfs
/bin/umount /mnt/cdrom
/bin/umount /sys
/bin/umount /proc
exec /sbin/switch_root /mnt/tmpfs /sbin/init

44
tools-hardened/desktop/configs/init.2
View file

@ -1,44 +0,0 @@
#!/bin/sh
/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -o remount,rw /
/bin/mknod /dev/null c 1 3
/bin/mknod /dev/tty c 5 0
echo
echo "Waiting for slow devices ... "
echo
sleep 10
mdev -s
FOUND=''
for CDROM in hda hdb hdc hdd sr0 sr1 sr2 sr3 sda1 sdb1 sdc1 sdd1 sde1 sdf1 sdg1
do
if [ "x$FOUND" == "x" ]
then
/bin/mount /dev/${CDROM} /mnt/cdrom
[ -f /mnt/cdrom/tinroot ] && FOUND=$CDROM || /bin/umount /dev/${CDROM}
fi
done
if [ "x$FOUND" == "x" ]
then
echo "Boot device not found, very confusing"
echo "Dropping to shell"
exec /bin/sh
fi
/bin/mount -o loop -t squashfs /mnt/cdrom/tinroot /mnt/squashfs
/bin/mount -o size=4g,nr_inodes=1m,mode=755 -t tmpfs none /mnt/tmpfs
/bin/cp -a /mnt/squashfs/* /mnt/tmpfs/
/bin/umount /mnt/squashfs
/bin/umount /mnt/cdrom
/bin/umount /sys
/bin/umount /proc
exec /sbin/switch_root /mnt/tmpfs /sbin/init

9026
tools-hardened/desktop/configs/loop-AES-kernel.patch
View file

File diff suppressed because it is too large Load diff

4
tools-hardened/desktop/configs/menu.lst
View file

@ -1,4 +0,0 @@
timeout 10
title TinHat
kernel /boot/tinhat
initrd /boot/tinhat.igz

5
tools-hardened/desktop/configs/syslinux.cfg
View file

@ -1,5 +0,0 @@
default TinHat
timeout 1
label TinHat
kernel tinhat
append initrd=tinhat.igz

3211
tools-hardened/desktop/files/3.13.5-hardened.config
View file

File diff suppressed because one or more lines are too long

3237
tools-hardened/desktop/files/3.14.2-hardened-r1.config
View file

File diff suppressed because one or more lines are too long

3273
tools-hardened/desktop/files/3.15.8-hardened.config
View file

File diff suppressed because one or more lines are too long

3319
tools-hardened/desktop/files/3.17.7-hardened-r1.config
View file

File diff suppressed because one or more lines are too long

3373
tools-hardened/desktop/files/3.19.2-hardened-r1.config
View file

File diff suppressed because one or more lines are too long

2854
tools-hardened/desktop/files/3.7.5-hardened.config
View file

File diff suppressed because it is too large Load diff

3507
tools-hardened/desktop/files/4.0.4-hardened-r2.config
View file

File diff suppressed because one or more lines are too long

3507
tools-hardened/desktop/files/4.0.4-hardened-r3.config
View file

File diff suppressed because one or more lines are too long

71
tools-hardened/desktop/files/Encrypt/howto-loop-aes.txt
View file

@ -1,71 +0,0 @@
- First make the key file. To make things easy, I've given you a script. Just run
./mkkey.sh
to generate key.gpg This file contains 65 random keys in an ascii armored gpg
file. (See the reference below for details.)
If this is slow, do some work. (It depends on /dev/random which blocks on system entropy.)
Put it somewhere. A USB stick is good. You can't put it on the filesystem since
it lives only in RAM. Once you reboot, poof! and no more access to your data.
You have been warned!
You have been warned!
You have been warned!
- Fill your drive with random data. Replace sda with your device.
head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 | losetup -p 0 -e AES256 /dev/loop3 /dev/sda
dd if=/dev/zero of=/dev/loop3 bs=4k conv=notrunc 2>/dev/null
losetup -d /dev/loop3
- Add the following line to /etc/fstab
/dev/sda /mnt/mpoint ext3 defaults,noauto,loop=/dev/loop3,encryption=AES256,gpgkey=/path/to/key.gpg 0 0
Change /mnt/mpoint to whatever mount point you like. Change /path/to to
wherever your key lives.
NOTE: We are using the entire drive as one partition.
- Lay down a filesystem on your encrypted partition:
losetup -F /dev/loop3
mke2fs -j /dev/loop3
losetup -d /dev/loop3
- Mount the partition:
mount /mnt/mpoint
You may now use that filesystem as usual.
- Umount the parition:
umount /mnt/mpoint
- Every so often, you should do an fsck on the filesystem. Make sure its
unmount, and then:
losetup -F /dev/loop3
fsck -f -y /dev/loop3
losetup -d /dev/loop3
--------------------------------------------------------------------------------
REFERENCE: This howto derived from section 7.2 of
http://loop-aes.sourceforge.net/loop-AES.README
See that howto for more information on the loop-aes patch.

4
tools-hardened/desktop/files/Encrypt/mkkey.sh
View file

@ -1,4 +0,0 @@
#!/bin/bash
eval 'gpg-agent --daemon --use-standard-socket'
head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 | gpg --symmetric -a > key.gpg

6
tools-hardened/desktop/files/Save/clean-docs.sh
View file

@ -1,6 +0,0 @@
#!/bin/bash
rm -rf /usr/share/doc/*
rm -rf /usr/share/gnome/help/*
rm -rf /usr/share/gtk-doc/*

58
tools-hardened/desktop/files/Save/clean.sh
View file

@ -1,58 +0,0 @@
#!/bin/bash
rm -rf /root/.ssh
rm -f /root/.bash_history /root/.lesshst /root/.recently-used.xbel /root/.recently-used.xbel /root/.viminfo
rm -f /etc/ssh/ssh_host_*
rm -f /etc/udev/rules.d/70-persistent-cd.rules /etc/udev/rules.d/70-persistent-net.rules
rm -f /var/lib/dhcpcd-eth*
rm -f /var/lib/dhcpcd/*
>/var/log/everything/current
rm -f /var/log/everything/log*
>/var/log/critical/current
rm -f /var/log/critical/log*
>/var/log/cron/current
rm -f /var/log/cron/log*
>/var/log/mail/current
rm -f /var/log/mail/log*
>/var/log/pm-powersave.log
rm -f /var/log/pm-powersave/log*
>/var/log/pwdfail/current
rm -f /var/log/pwdfail/log*
>/var/log/tallylog
>/var/log/sshd/current
rm -f /var/log/sshd/log*
>/var/log/kernel/current
rm -f /var/log/kernel/log*
>/var/log/gdm/:0.log
rm -f /var/log/gdm/:0.log.*
>/var/log/Xorg.0.log
rm -f /var/log/Xorg.0.log.old
>/var/log/dmesg
>/var/log/emerge.log
>/var/log/emerge-fetch.log
>/var/log/faillog
>/var/log/genkernel.log
>/var/log/lastlog
>/var/log/wtmp
>/var/log/portage/elog/summary.log
>/var/log/ConsoleKit/history
find /var/log/ -size +1c -type f

10
tools-hardened/desktop/files/Save/configs/ABOUT.html
View file

@ -1,10 +0,0 @@
<HTML>
<HEAD>
<TITLE>Welcome to Tin Hat Linux</TITLE>
<META HTTP-EQUIV="refresh" content="10;URL=http://opensource.dyc.edu/tinhat">
</HEAD>
<BODY>
Redirecting to <A HREF="http://opensource.dyc.edu/tinhat">http://opensource.dyc.edu/tinhat</A> in 10 seconds ...
</BODY>
</HTML>

45
tools-hardened/desktop/files/Save/configs/init
View file

@ -1,45 +0,0 @@
#!/bin/sh
/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -o remount,rw /
/bin/mknod /dev/null c 1 3
/bin/mknod /dev/tty c 5 0
echo
echo "Waiting for slow devices ... "
echo
sleep 10
mdev -s
FOUND=''
for CDROM in hda hdb hdc hdd sr0 sr1 sr2 sr3 sda1 sdb1 sdc1 sdd1 sde1 sdf1 sdg1
do
if [ "x$FOUND" == "x" ]
then
/bin/mount /dev/${CDROM} /mnt/cdrom
[ -f /mnt/cdrom/tinroot ] && FOUND=$CDROM || /bin/umount /dev/${CDROM}
fi
done
if [ "x$FOUND" == "x" ]
then
echo "Boot device not found, very confusing"
echo "Dropping to shell"
exec /bin/sh
fi
/bin/mount -o loop -t squashfs /mnt/cdrom/tinroot /mnt/squashfs
/bin/mount -o size=3400m,nr_inodes=1m,mode=755 -t tmpfs none /mnt/tmpfs
/bin/cp -a /mnt/squashfs/* /mnt/tmpfs/
/bin/umount /mnt/squashfs
/bin/umount /mnt/cdrom
/bin/umount /sys
/bin/umount /proc
exec /sbin/switch_root /mnt/tmpfs /sbin/init

2404
tools-hardened/desktop/files/Save/configs/kernel-3.3.8.config
View file

File diff suppressed because it is too large Load diff

4
tools-hardened/desktop/files/Save/configs/menu.lst
View file

@ -1,4 +0,0 @@
timeout 10
title TinHat
kernel /boot/tinhat
initrd /boot/tinhat.igz

6
tools-hardened/desktop/files/Save/configs/syslinux.cfg
View file

@ -1,6 +0,0 @@
default TinHat
timeout 1
label TinHat
kernel tinhat
append initrd=tinhat.igz

32
tools-hardened/desktop/files/Save/howto-save.txt
View file

@ -1,32 +0,0 @@
1. To save your running Tin Hat system, first prepare a working directory:
sudo su -
cd ~
cp -a ~thuser/Save .
cd Save
chmod 755 *.sh
2. If you want to clean out logs, ssh keys, udev persistent rules (eg. for a
prestine release), then
./clean.sh
3. If you want information about your release, then
./info.sh
4. To make the ISO, do
./make.sh
5. After having made the ISO, you can optionally transfer the image to a pen drive
using
./iso2usb.sh

11
tools-hardened/desktop/files/Save/info.sh
View file

@ -1,11 +0,0 @@
#!/bin/bash
[ $(uname -m) == "x86_64" ] && ARCH=amd64
[ $(uname -m) == "i686" ] && ARCH=i686
cat /etc/make.conf > make-conf.${ARCH}.txt
emerge --info > emerge-info.${ARCH}.txt
epm -qa | sort > epm-qa.${ARCH}.txt
emerge -vep world > emerge-world.${ARCH}.txt
zcat /proc/config.gz > kernel-config.${ARCH}.txt

96
tools-hardened/desktop/files/Save/iso2usb.sh
View file

@ -1,96 +0,0 @@
#!/bin/bash
WORKING=$(pwd)
welcome ()
{
echo
echo "================================================================================"
echo "= This script will transfer the contents of a bootable iso to a usb stick. ="
echo "= ="
echo "= WARNING: IT WILL DESTROY THE CONTENTS OF THE USB STICK!!! ="
echo "= ="
echo "================================================================================"
echo
}
check ()
{
echo
echo "Enter the device name of the USB drive, eg sda "
echo "Don't worry, I'll show you the device's partition table before we wipe it "
echo
echo -n "Device: "
read DEVICE
echo
parted /dev/${DEVICE} print
echo -n "Are you sure? (Type uppercase yes): "
read ANSWER
if [[ $ANSWER != "YES" ]] ; then
echo
echo "ABORT! ABORT! ABORT!"
echo
exit
fi
}
partition ()
{
dd if=/dev/zero of=/dev/${DEVICE} bs=1 count=1024 >/dev/null 2>&1
dd if=/usr/lib/syslinux/mbr.bin of=/dev/${DEVICE} >/dev/null 2>&1
parted -s /dev/${DEVICE} mklabel msdos mkpartfs primary fat32 0 100% >/dev/null 2>&1
parted -s /dev/${DEVICE} set 1 boot >/dev/null 2>&1
}
copyiso()
{
echo
echo "Enter the name of the iso image relative to ${WORKING} "
echo
echo -n "Name: "
read IMAGE
if [[ ! -f ${WORKING}/${IMAGE} ]] ; then
echo
echo "Cannot find iso image, exiting."
echo
exit
fi
cd ${WORKING}
mkdir -p iso usb
mount -o loop ${IMAGE} iso
mount /dev/${DEVICE}1 usb
cp iso/tinroot usb
cp iso/boot/tinhat usb
cp iso/boot/tinhat.igz usb
cp configs/syslinux.cfg usb
umount iso && rmdir iso
umount usb && rmdir usb
}
finishup()
{
syslinux /dev/${DEVICE}1
}
welcome
check
partition
copyiso
finishup

134
tools-hardened/desktop/files/Save/make.sh
View file

@ -1,134 +0,0 @@
#!/bin/bash
WORKING=$(pwd)
SKIP=$(echo $WORKING | sed -e 's/^\///')
welcome()
{
echo
echo "================================================================================"
echo "= Building iso image from template ... ="
echo "= Hit Control-C at any continuation prompt to stop at that point ="
echo "================================================================================"
echo
}
cleanup()
{
echo
echo "================================================================================"
echo "= Cleaning up any remaining tmp files from previous builds ="
echo "= Removing ramdisk.iso tinhat.igz init/ iso/ ="
echo "================================================================================"
echo -n "Continue? "
read ANSWER
cd ${WORKING}
rm -f ramdisk.iso
rm -f tinhat.igz
rm -rf init
rm -rf iso
}
mkinitramfs()
{
echo
echo "================================================================================"
echo "= Building initramfs image which will be named tinhat.igz ="
echo "================================================================================"
echo -n "Continue? "
read ANSWER
cd ${WORKING}
mkdir init
cd init
mkdir -p bin dev etc mnt/cdrom mnt/squashfs mnt/tmpfs proc sbin sys tmp usr/bin usr/sbin var
cp ../configs/busybox bin
cp ../configs/init .
chmod 755 bin/busybox
chmod 755 init
chroot . /bin/busybox --install -s
find . | cpio -H newc -o | gzip -9 > ../tinhat.igz
cd ${WORKING}
rm -rf init
}
mkiso()
{
echo
echo "================================================================================"
echo "= Building the iso image which will be named ramdisk.iso ="
echo "================================================================================"
echo -n "Continue? "
read ANSWER
cd ${WORKING}
mkdir -p iso/boot/grub
mv tinhat.igz iso/boot
cp -L /boot/kernel iso/boot/tinhat
cp /lib/grub/i386-pc/stage2_eltorito iso/boot/grub
cp configs/menu.lst iso/boot/grub/menu.lst
mkdir -p root
mount -o ro --bind / root
mksquashfs root iso/tinroot -e usr/portage $SKIP usr/src var/cache/edb
umount root
rmdir root
cp configs/ABOUT.html iso/ABOUT.html
mkisofs -R -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 4 -boot-info-table -o ramdisk.iso iso
rm -rf iso
cd ${WORKING}
}
nameit()
{
echo
echo "================================================================================"
echo "= Renaming the iso image as th-ARCH-DATE.iso ="
echo "================================================================================"
echo -n "Continue? "
read ANSWER
echo
echo -n "Enter the RC suffix, empty for none: "
read RC
[ $(uname -m) == "x86_64" ] && ARCH="amd64"
[ $(uname -m) == "i686" ] && ARCH="i686"
DATE=$(date +%Y%m%d)
[ -z $RC ] && NAME="th-${ARCH}-${DATE}.iso" || NAME="th-${ARCH}-${DATE}-${RC}.iso"
[ -f ramdisk.iso ] && mv ramdisk.iso $NAME || echo "Can't name ramdisk.iso, I didn't find it."
}
welcome
cleanup
mkinitramfs
mkiso
nameit

25
tools-hardened/desktop/files/Utilities/README
View file

@ -1,25 +0,0 @@
This directory contains utilities which are relavant to
Tin Hat's design goals. . As of the current release,
there is only one, but more will be added.
1. checksec.sh - Checks binaries or running processes for
the following security enhancements:
RELRO - Default Read Only Marking.
STACK CANARY (aka SSP) - Stack Smashing Protector
NX - No eXecute
PIE - Position Independent Executables
ASLR - Address Space Layout Randomization
For a better explanation of these see
http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml
http://en.wikipedia.org/wiki/NX_bit
http://en.wikipedia.org/wiki/ASLR
This script was written by Tobias Klein. Thank you!
See his informative blog at
http://www.trapkit.de

883
tools-hardened/desktop/files/Utilities/checksec.sh
View file

@ -1,883 +0,0 @@
#!/bin/bash
#
# The BSD License (http://www.opensource.org/licenses/bsd-license.php)
# specifies the terms and conditions of use for checksec.sh:
#
# Copyright (c) 2009-2011, Tobias Klein.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Tobias Klein nor the name of trapkit.de may be
# used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
# OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
# DAMAGE.
#
# Name : checksec.sh
# Version : 1.5
# Author : Tobias Klein
# Date : November 2011
# Download: http://www.trapkit.de/tools/checksec.html
# Changes : http://www.trapkit.de/tools/checksec_changes.txt
#
# Description:
#
# Modern Linux distributions offer some mitigation techniques to make it
# harder to exploit software vulnerabilities reliably. Mitigations such
# as RELRO, NoExecute (NX), Stack Canaries, Address Space Layout
# Randomization (ASLR) and Position Independent Executables (PIE) have
# made reliably exploiting any vulnerabilities that do exist far more
# challenging. The checksec.sh script is designed to test what *standard*
# Linux OS and PaX (http://pax.grsecurity.net/) security features are being
# used.
#
# As of version 1.3 the script also lists the status of various Linux kernel
# protection mechanisms.
#
# Credits:
#
# Thanks to Brad Spengler (grsecurity.net) for the PaX support.
# Thanks to Jon Oberheide (jon.oberheide.org) for the kernel support.
# Thanks to Ollie Whitehouse (Research In Motion) for rpath/runpath support.
#
# Others that contributed to checksec.sh (in no particular order):
#
# Simon Ruderich, Denis Scherbakov, Stefan Kuttler, Radoslaw Madej,
# Anthony G. Basile, Martin Vaeth and Brian Davis.
#
# global vars
have_readelf=1
verbose=false
# FORTIFY_SOURCE vars
FS_end=_chk
FS_cnt_total=0
FS_cnt_checked=0
FS_cnt_unchecked=0
FS_chk_func_libc=0
FS_functions=0
FS_libc=0
# version information
version() {
echo "checksec v1.5, Tobias Klein, www.trapkit.de, November 2011"
echo
}
# help
help() {
echo "Usage: checksec [OPTION]"
echo
echo "Options:"
echo
echo " --file <executable-file>"
echo " --dir <directory> [-v]"
echo " --proc <process name>"
echo " --proc-all"
echo " --proc-libs <process ID>"
echo " --kernel"
echo " --fortify-file <executable-file>"
echo " --fortify-proc <process ID>"
echo " --version"
echo " --help"
echo
echo "For more information, see:"
echo " http://www.trapkit.de/tools/checksec.html"
echo
}
# check if command exists
command_exists () {
type $1 > /dev/null 2>&1;
}
# check if directory exists
dir_exists () {
if [ -d $1 ] ; then
return 0
else
return 1
fi
}
# check user privileges
root_privs () {
if [ $(/usr/bin/id -u) -eq 0 ] ; then
return 0
else
return 1
fi
}
# check if input is numeric
isNumeric () {
echo "$@" | grep -q -v "[^0-9]"
}
# check if input is a string
isString () {
echo "$@" | grep -q -v "[^A-Za-z]"
}
# check file(s)
filecheck() {
# check for RELRO support
if readelf -l $1 2>/dev/null | grep -q 'GNU_RELRO'; then
if readelf -d $1 2>/dev/null | grep -q 'BIND_NOW'; then
echo -n -e '\033[32mFull RELRO \033[m '
else
echo -n -e '\033[33mPartial RELRO\033[m '
fi
else
echo -n -e '\033[31mNo RELRO \033[m '
fi
# check for stack canary support
if readelf -s $1 2>/dev/null | grep -q '__stack_chk_fail'; then
echo -n -e '\033[32mCanary found \033[m '
else
echo -n -e '\033[31mNo canary found\033[m '
fi
# check for NX support
if readelf -W -l $1 2>/dev/null | grep 'GNU_STACK' | grep -q 'RWE'; then
echo -n -e '\033[31mNX disabled\033[m '
else
echo -n -e '\033[32mNX enabled \033[m '
fi
# check for PIE support
if readelf -h $1 2>/dev/null | grep -q 'Type:[[:space:]]*EXEC'; then
echo -n -e '\033[31mNo PIE \033[m '
elif readelf -h $1 2>/dev/null | grep -q 'Type:[[:space:]]*DYN'; then
if readelf -d $1 2>/dev/null | grep -q '(DEBUG)'; then
echo -n -e '\033[32mPIE enabled \033[m '
else
echo -n -e '\033[33mDSO \033[m '
fi
else
echo -n -e '\033[33mNot an ELF file\033[m '
fi
# check for rpath / run path
if readelf -d $1 2>/dev/null | grep -q 'rpath'; then
echo -n -e '\033[31mRPATH \033[m '
else
echo -n -e '\033[32mNo RPATH \033[m '
fi
if readelf -d $1 2>/dev/null | grep -q 'runpath'; then
echo -n -e '\033[31mRUNPATH \033[m '
else
echo -n -e '\033[32mNo RUNPATH \033[m '
fi
}
# check process(es)
proccheck() {
# check for RELRO support
if readelf -l $1/exe 2>/dev/null | grep -q 'Program Headers'; then
if readelf -l $1/exe 2>/dev/null | grep -q 'GNU_RELRO'; then
if readelf -d $1/exe 2>/dev/null | grep -q 'BIND_NOW'; then
echo -n -e '\033[32mFull RELRO \033[m '
else
echo -n -e '\033[33mPartial RELRO \033[m '
fi
else
echo -n -e '\033[31mNo RELRO \033[m '
fi
else
echo -n -e '\033[31mPermission denied (please run as root)\033[m\n'
exit 1
fi
# check for stack canary support
if readelf -s $1/exe 2>/dev/null | grep -q 'Symbol table'; then
if readelf -s $1/exe 2>/dev/null | grep -q '__stack_chk_fail'; then
echo -n -e '\033[32mCanary found \033[m '
else
echo -n -e '\033[31mNo canary found \033[m '
fi
else
if [ "$1" != "1" ] ; then
echo -n -e '\033[33mPermission denied \033[m '
else
echo -n -e '\033[33mNo symbol table found\033[m '
fi
fi
# first check for PaX support
if cat $1/status 2> /dev/null | grep -q 'PaX:'; then
pageexec=( $(cat $1/status 2> /dev/null | grep 'PaX:' | cut -b6) )
segmexec=( $(cat $1/status 2> /dev/null | grep 'PaX:' | cut -b10) )
mprotect=( $(cat $1/status 2> /dev/null | grep 'PaX:' | cut -b8) )
randmmap=( $(cat $1/status 2> /dev/null | grep 'PaX:' | cut -b9) )
if [[ "$pageexec" = "P" || "$segmexec" = "S" ]] && [[ "$mprotect" = "M" && "$randmmap" = "R" ]] ; then
echo -n -e '\033[32mPaX enabled\033[m '
elif [[ "$pageexec" = "p" && "$segmexec" = "s" && "$randmmap" = "R" ]] ; then
echo -n -e '\033[33mPaX ASLR only\033[m '
elif [[ "$pageexec" = "P" || "$segmexec" = "S" ]] && [[ "$mprotect" = "m" && "$randmmap" = "R" ]] ; then
echo -n -e '\033[33mPaX mprot off \033[m'
elif [[ "$pageexec" = "P" || "$segmexec" = "S" ]] && [[ "$mprotect" = "M" && "$randmmap" = "r" ]] ; then
echo -n -e '\033[33mPaX ASLR off\033[m '
elif [[ "$pageexec" = "P" || "$segmexec" = "S" ]] && [[ "$mprotect" = "m" && "$randmmap" = "r" ]] ; then
echo -n -e '\033[33mPaX NX only\033[m '
else
echo -n -e '\033[31mPaX disabled\033[m '
fi
# fallback check for NX support
elif readelf -W -l $1/exe 2>/dev/null | grep 'GNU_STACK' | grep -q 'RWE'; then
echo -n -e '\033[31mNX disabled\033[m '
else
echo -n -e '\033[32mNX enabled \033[m '
fi
# check for PIE support
if readelf -h $1/exe 2>/dev/null | grep -q 'Type:[[:space:]]*EXEC'; then
echo -n -e '\033[31mNo PIE \033[m '
elif readelf -h $1/exe 2>/dev/null | grep -q 'Type:[[:space:]]*DYN'; then
if readelf -d $1/exe 2>/dev/null | grep -q '(DEBUG)'; then
echo -n -e '\033[32mPIE enabled \033[m '
else
echo -n -e '\033[33mDynamic Shared Object\033[m '
fi
else
echo -n -e '\033[33mNot an ELF file \033[m '
fi
}
# check mapped libraries
libcheck() {
libs=( $(awk '{ print $6 }' /proc/$1/maps | grep '/' | sort -u | xargs file | grep ELF | awk '{ print $1 }' | sed 's/:/ /') )
printf "\n* Loaded libraries (file information, # of mapped files: ${#libs[@]}):\n\n"
for element in $(seq 0 $((${#libs[@]} - 1)))
do
echo " ${libs[$element]}:"
echo -n " "
filecheck ${libs[$element]}
printf "\n\n"
done
}
# check for system-wide ASLR support
aslrcheck() {
# PaX ASLR support
if !(cat /proc/1/status 2> /dev/null | grep -q 'Name:') ; then
echo -n -e ':\033[33m insufficient privileges for PaX ASLR checks\033[m\n'
echo -n -e ' Fallback to standard Linux ASLR check'
fi
if cat /proc/1/status 2> /dev/null | grep -q 'PaX:'; then
printf ": "
if cat /proc/1/status 2> /dev/null | grep 'PaX:' | grep -q 'R'; then
echo -n -e '\033[32mPaX ASLR enabled\033[m\n\n'
else
echo -n -e '\033[31mPaX ASLR disabled\033[m\n\n'
fi
else
# standard Linux 'kernel.randomize_va_space' ASLR support
# (see the kernel file 'Documentation/sysctl/kernel.txt' for a detailed description)
printf " (kernel.randomize_va_space): "
if /sbin/sysctl -a 2>/dev/null | grep -q 'kernel.randomize_va_space = 1'; then
echo -n -e '\033[33mOn (Setting: 1)\033[m\n\n'
printf " Description - Make the addresses of mmap base, stack and VDSO page randomized.\n"
printf " This, among other things, implies that shared libraries will be loaded to \n"
printf " random addresses. Also for PIE-linked binaries, the location of code start\n"
printf " is randomized. Heap addresses are *not* randomized.\n\n"
elif /sbin/sysctl -a 2>/dev/null | grep -q 'kernel.randomize_va_space = 2'; then
echo -n -e '\033[32mOn (Setting: 2)\033[m\n\n'
printf " Description - Make the addresses of mmap base, heap, stack and VDSO page randomized.\n"
printf " This, among other things, implies that shared libraries will be loaded to random \n"
printf " addresses. Also for PIE-linked binaries, the location of code start is randomized.\n\n"
elif /sbin/sysctl -a 2>/dev/null | grep -q 'kernel.randomize_va_space = 0'; then
echo -n -e '\033[31mOff (Setting: 0)\033[m\n'
else
echo -n -e '\033[31mNot supported\033[m\n'
fi
printf " See the kernel file 'Documentation/sysctl/kernel.txt' for more details.\n\n"
fi
}
# check cpu nx flag
nxcheck() {
if grep -q nx /proc/cpuinfo; then
echo -n -e '\033[32mYes\033[m\n\n'
else
echo -n -e '\033[31mNo\033[m\n\n'
fi
}
# check for kernel protection mechanisms
kernelcheck() {
printf " Description - List the status of kernel protection mechanisms. Rather than\n"
printf " inspect kernel mechanisms that may aid in the prevention of exploitation of\n"
printf " userspace processes, this option lists the status of kernel configuration\n"
printf " options that harden the kernel itself against attack.\n\n"
printf " Kernel config: "
if [ -f /proc/config.gz ] ; then
kconfig="zcat /proc/config.gz"
printf "\033[32m/proc/config.gz\033[m\n\n"
elif [ -f /boot/config-`uname -r` ] ; then
kconfig="cat /boot/config-`uname -r`"
printf "\033[33m/boot/config-`uname -r`\033[m\n\n"
printf " Warning: The config on disk may not represent running kernel config!\n\n";
elif [ -f "${KBUILD_OUTPUT:-/usr/src/linux}"/.config ] ; then
kconfig="cat ${KBUILD_OUTPUT:-/usr/src/linux}/.config"
printf "\033[33m%s\033[m\n\n" "${KBUILD_OUTPUT:-/usr/src/linux}/.config"
printf " Warning: The config on disk may not represent running kernel config!\n\n";
else
printf "\033[31mNOT FOUND\033[m\n\n"
exit 0
fi
printf " GCC stack protector support: "
if $kconfig | grep -qi 'CONFIG_CC_STACKPROTECTOR=y'; then
printf "\033[32mEnabled\033[m\n"
else
printf "\033[31mDisabled\033[m\n"
fi
printf " Strict user copy checks: "
if $kconfig | grep -qi 'CONFIG_DEBUG_STRICT_USER_COPY_CHECKS=y'; then
printf "\033[32mEnabled\033[m\n"
else
printf "\033[31mDisabled\033[m\n"
fi
printf " Enforce read-only kernel data: "
if $kconfig | grep -qi 'CONFIG_DEBUG_RODATA=y'; then
printf "\033[32mEnabled\033[m\n"
else
printf "\033[31mDisabled\033[m\n"
fi
printf " Restrict /dev/mem access: "
if $kconfig | grep -qi 'CONFIG_STRICT_DEVMEM=y'; then
printf "\033[32mEnabled\033[m\n"
else
printf "\033[31mDisabled\033[m\n"
fi
printf " Restrict /dev/kmem access: "
if $kconfig | grep -qi 'CONFIG_DEVKMEM=y'; then
printf "\033[31mDisabled\033[m\n"
else
printf "\033[32mEnabled\033[m\n"
fi
printf "\n"
printf "* grsecurity / PaX: "
if $kconfig | grep -qi 'CONFIG_GRKERNSEC=y'; then
if $kconfig | grep -qi 'CONFIG_GRKERNSEC_HIGH=y'; then
printf "\033[32mHigh GRKERNSEC\033[m\n\n"
elif $kconfig | grep -qi 'CONFIG_GRKERNSEC_MEDIUM=y'; then
printf "\033[33mMedium GRKERNSEC\033[m\n\n"
elif $kconfig | grep -qi 'CONFIG_GRKERNSEC_LOW=y'; then
printf "\033[31mLow GRKERNSEC\033[m\n\n"
else
printf "\033[33mCustom GRKERNSEC\033[m\n\n"
fi
printf " Non-executable kernel pages: "
if $kconfig | grep -qi 'CONFIG_PAX_KERNEXEC=y'; then
printf "\033[32mEnabled\033[m\n"
else
printf "\033[31mDisabled\033[m\n"
fi
printf " Prevent userspace pointer deref: "
if $kconfig | grep -qi 'CONFIG_PAX_MEMORY_UDEREF=y'; then
printf "\033[32mEnabled\033[m\n"
else
printf "\033[31mDisabled\033[m\n"
fi
printf " Prevent kobject refcount overflow: "
if $kconfig | grep -qi 'CONFIG_PAX_REFCOUNT=y'; then
printf "\033[32mEnabled\033[m\n"
else
printf "\033[31mDisabled\033[m\n"
fi
printf " Bounds check heap object copies: "
if $kconfig | grep -qi 'CONFIG_PAX_USERCOPY=y'; then
printf "\033[32mEnabled\033[m\n"
else
printf "\033[31mDisabled\033[m\n"
fi
printf " Disable writing to kmem/mem/port: "
if $kconfig | grep -qi 'CONFIG_GRKERNSEC_KMEM=y'; then
printf "\033[32mEnabled\033[m\n"
else
printf "\033[31mDisabled\033[m\n"
fi
printf " Disable privileged I/O: "
if $kconfig | grep -qi 'CONFIG_GRKERNSEC_IO=y'; then
printf "\033[32mEnabled\033[m\n"
else
printf "\033[31mDisabled\033[m\n"
fi
printf " Harden module auto-loading: "
if $kconfig | grep -qi 'CONFIG_GRKERNSEC_MODHARDEN=y'; then
printf "\033[32mEnabled\033[m\n"
else
printf "\033[31mDisabled\033[m\n"
fi
printf " Hide kernel symbols: "
if $kconfig | grep -qi 'CONFIG_GRKERNSEC_HIDESYM=y'; then
printf "\033[32mEnabled\033[m\n"
else
printf "\033[31mDisabled\033[m\n"
fi
else
printf "\033[31mNo GRKERNSEC\033[m\n\n"
printf " The grsecurity / PaX patchset is available here:\n"
printf " http://grsecurity.net/\n"
fi
printf "\n"
printf "* Kernel Heap Hardening: "
if $kconfig | grep -qi 'CONFIG_KERNHEAP=y'; then
if $kconfig | grep -qi 'CONFIG_KERNHEAP_FULLPOISON=y'; then
printf "\033[32mFull KERNHEAP\033[m\n\n"
else
printf "\033[33mPartial KERNHEAP\033[m\n\n"
fi
else
printf "\033[31mNo KERNHEAP\033[m\n\n"
printf " The KERNHEAP hardening patchset is available here:\n"
printf " https://www.subreption.com/kernheap/\n\n"
fi
}
# --- FORTIFY_SOURCE subfunctions (start) ---
# is FORTIFY_SOURCE supported by libc?
FS_libc_check() {
printf "* FORTIFY_SOURCE support available (libc) : "
if [ "${#FS_chk_func_libc[@]}" != "0" ] ; then
printf "\033[32mYes\033[m\n"
else
printf "\033[31mNo\033[m\n"
exit 1
fi
}
# was the binary compiled with FORTIFY_SOURCE?
FS_binary_check() {
printf "* Binary compiled with FORTIFY_SOURCE support: "
for FS_elem_functions in $(seq 0 $((${#FS_functions[@]} - 1)))
do
if [[ ${FS_functions[$FS_elem_functions]} =~ _chk ]] ; then
printf "\033[32mYes\033[m\n"
return
fi
done
printf "\033[31mNo\033[m\n"
exit 1
}
FS_comparison() {
echo
printf " ------ EXECUTABLE-FILE ------- . -------- LIBC --------\n"
printf " FORTIFY-able library functions | Checked function names\n"
printf " -------------------------------------------------------\n"
for FS_elem_libc in $(seq 0 $((${#FS_chk_func_libc[@]} - 1)))
do
for FS_elem_functions in $(seq 0 $((${#FS_functions[@]} - 1)))
do
FS_tmp_func=${FS_functions[$FS_elem_functions]}
FS_tmp_libc=${FS_chk_func_libc[$FS_elem_libc]}
if [[ $FS_tmp_func =~ ^$FS_tmp_libc$ ]] ; then
printf " \033[31m%-30s\033[m | __%s%s\n" $FS_tmp_func $FS_tmp_libc $FS_end
let FS_cnt_total++
let FS_cnt_unchecked++
elif [[ $FS_tmp_func =~ ^$FS_tmp_libc(_chk) ]] ; then
printf " \033[32m%-30s\033[m | __%s%s\n" $FS_tmp_func $FS_tmp_libc $FS_end
let FS_cnt_total++
let FS_cnt_checked++
fi
done
done
}
FS_summary() {
echo
printf "SUMMARY:\n\n"
printf "* Number of checked functions in libc : ${#FS_chk_func_libc[@]}\n"
printf "* Total number of library functions in the executable: ${#FS_functions[@]}\n"
printf "* Number of FORTIFY-able functions in the executable : %s\n" $FS_cnt_total
printf "* Number of checked functions in the executable : \033[32m%s\033[m\n" $FS_cnt_checked
printf "* Number of unchecked functions in the executable : \033[31m%s\033[m\n" $FS_cnt_unchecked
echo
}
# --- FORTIFY_SOURCE subfunctions (end) ---
if !(command_exists readelf) ; then
printf "\033[31mWarning: 'readelf' not found! It's required for most checks.\033[m\n\n"
have_readelf=0
fi
# parse command-line arguments
case "$1" in
--version)
version
exit 0
;;
--help)
help
exit 0
;;
--dir)
if [ "$3" = "-v" ] ; then
verbose=true
fi
if [ $have_readelf -eq 0 ] ; then
exit 1
fi
if [ -z "$2" ] ; then
printf "\033[31mError: Please provide a valid directory.\033[m\n\n"
exit 1
fi
# remove trailing slashes
tempdir=`echo $2 | sed -e "s/\/*$//"`
if [ ! -d $tempdir ] ; then
printf "\033[31mError: The directory '$tempdir' does not exist.\033[m\n\n"
exit 1
fi
cd $tempdir
printf "RELRO STACK CANARY NX PIE RPATH RUNPATH FILE\n"
for N in [A-Za-z]*; do
if [ "$N" != "[A-Za-z]*" ]; then
# read permissions?
if [ ! -r $N ]; then
printf "\033[31mError: No read permissions for '$tempdir/$N' (run as root).\033[m\n"
else
# ELF executable?
out=`file $N`
if [[ ! $out =~ ELF ]] ; then
if [ "$verbose" = "true" ] ; then
printf "\033[34m*** Not an ELF file: $tempdir/"
file $N
printf "\033[m"
fi
else
filecheck $N
if [ `find $tempdir/$N \( -perm -004000 -o -perm -002000 \) -type f -print` ]; then
printf "\033[37;41m%s%s\033[m" $2 $N
else
printf "%s%s" $tempdir/ $N
fi
echo
fi
fi
fi
done
exit 0
;;
--file)
if [ $have_readelf -eq 0 ] ; then
exit 1
fi
if [ -z "$2" ] ; then
printf "\033[31mError: Please provide a valid file.\033[m\n\n"
exit 1
fi
# does the file exist?
if [ ! -e $2 ] ; then
printf "\033[31mError: The file '$2' does not exist.\033[m\n\n"
exit 1
fi
# read permissions?
if [ ! -r $2 ] ; then
printf "\033[31mError: No read permissions for '$2' (run as root).\033[m\n\n"
exit 1
fi
# ELF executable?
out=`file $2`
if [[ ! $out =~ ELF ]] ; then
printf "\033[31mError: Not an ELF file: "
file $2
printf "\033[m\n"
exit 1
fi
printf "RELRO STACK CANARY NX PIE RPATH RUNPATH FILE\n"
filecheck $2
if [ `find $2 \( -perm -004000 -o -perm -002000 \) -type f -print` ] ; then
printf "\033[37;41m%s%s\033[m" $2 $N
else
printf "%s" $2
fi
echo
exit 0
;;
--proc-all)
if [ $have_readelf -eq 0 ] ; then
exit 1
fi
cd /proc
printf "* System-wide ASLR"
aslrcheck
printf "* Does the CPU support NX: "
nxcheck
printf " COMMAND PID RELRO STACK CANARY NX/PaX PIE\n"
for N in [1-9]*; do
if [ $N != $$ ] && readlink -q $N/exe > /dev/null; then
printf "%16s" `head -1 $N/status | cut -b 7-`
printf "%7d " $N
proccheck $N
echo
fi
done
if [ ! -e /usr/bin/id ] ; then
printf "\n\033[33mNote: If you are running 'checksec.sh' as an unprivileged user, you\n"
printf " will not see all processes. Please run the script as root.\033[m\n\n"
else
if !(root_privs) ; then
printf "\n\033[33mNote: You are running 'checksec.sh' as an unprivileged user.\n"
printf " Too see all processes, please run the script as root.\033[m\n\n"
fi
fi
exit 0
;;
--proc)
if [ $have_readelf -eq 0 ] ; then
exit 1
fi
if [ -z "$2" ] ; then
printf "\033[31mError: Please provide a valid process name.\033[m\n\n"
exit 1
fi
if !(isString "$2") ; then
printf "\033[31mError: Please provide a valid process name.\033[m\n\n"
exit 1
fi
cd /proc
printf "* System-wide ASLR"
aslrcheck
printf "* Does the CPU support NX: "
nxcheck
printf " COMMAND PID RELRO STACK CANARY NX/PaX PIE\n"
for N in `ps -Ao pid,comm | grep $2 | cut -b1-6`; do
if [ -d $N ] ; then
printf "%16s" `head -1 $N/status | cut -b 7-`
printf "%7d " $N
# read permissions?
if [ ! -r $N/exe ] ; then
if !(root_privs) ; then
printf "\033[31mNo read permissions for '/proc/$N/exe' (run as root).\033[m\n\n"
exit 1
fi
if [ ! `readlink $N/exe` ] ; then
printf "\033[31mPermission denied. Requested process ID belongs to a kernel thread.\033[m\n\n"
exit 1
fi
exit 1
fi
proccheck $N
echo
fi
done
exit 0
;;
--proc-libs)
if [ $have_readelf -eq 0 ] ; then
exit 1
fi
if [ -z "$2" ] ; then
printf "\033[31mError: Please provide a valid process ID.\033[m\n\n"
exit 1
fi
if !(isNumeric "$2") ; then
printf "\033[31mError: Please provide a valid process ID.\033[m\n\n"
exit 1
fi
cd /proc
printf "* System-wide ASLR"
aslrcheck
printf "* Does the CPU support NX: "
nxcheck
printf "* Process information:\n\n"
printf " COMMAND PID RELRO STACK CANARY NX/PaX PIE\n"
N=$2
if [ -d $N ] ; then
printf "%16s" `head -1 $N/status | cut -b 7-`
printf "%7d " $N
# read permissions?
if [ ! -r $N/exe ] ; then
if !(root_privs) ; then
printf "\033[31mNo read permissions for '/proc/$N/exe' (run as root).\033[m\n\n"
exit 1
fi
if [ ! `readlink $N/exe` ] ; then
printf "\033[31mPermission denied. Requested process ID belongs to a kernel thread.\033[m\n\n"
exit 1
fi
exit 1
fi
proccheck $N
echo
libcheck $N
fi
exit 0
;;
--kernel)
cd /proc
printf "* Kernel protection information:\n\n"
kernelcheck
exit 0
;;
--fortify-file)
if [ $have_readelf -eq 0 ] ; then
exit 1
fi
if [ -z "$2" ] ; then
printf "\033[31mError: Please provide a valid file.\033[m\n\n"
exit 1
fi
# does the file exist?
if [ ! -e $2 ] ; then
printf "\033[31mError: The file '$2' does not exist.\033[m\n\n"
exit 1
fi
# read permissions?
if [ ! -r $2 ] ; then
printf "\033[31mError: No read permissions for '$2' (run as root).\033[m\n\n"
exit 1
fi
# ELF executable?
out=`file $2`
if [[ ! $out =~ ELF ]] ; then
printf "\033[31mError: Not an ELF file: "
file $2
printf "\033[m\n"
exit 1
fi
if [ -e /lib/libc.so.6 ] ; then
FS_libc=/lib/libc.so.6
elif [ -e /lib64/libc.so.6 ] ; then
FS_libc=/lib64/libc.so.6
elif [ -e /lib/i386-linux-gnu/libc.so.6 ] ; then
FS_libc=/lib/i386-linux-gnu/libc.so.6
elif [ -e /lib/x86_64-linux-gnu/libc.so.6 ] ; then
FS_libc=/lib/x86_64-linux-gnu/libc.so.6
else
printf "\033[31mError: libc not found.\033[m\n\n"
exit 1
fi
FS_chk_func_libc=( $(readelf -s $FS_libc | grep _chk@@ | awk '{ print $8 }' | cut -c 3- | sed -e 's/_chk@.*//') )
FS_functions=( $(readelf -s $2 | awk '{ print $8 }' | sed 's/_*//' | sed -e 's/@.*//') )
FS_libc_check
FS_binary_check
FS_comparison
FS_summary
exit 0
;;
--fortify-proc)
if [ $have_readelf -eq 0 ] ; then
exit 1
fi
if [ -z "$2" ] ; then
printf "\033[31mError: Please provide a valid process ID.\033[m\n\n"
exit 1
fi
if !(isNumeric "$2") ; then
printf "\033[31mError: Please provide a valid process ID.\033[m\n\n"
exit 1
fi
cd /proc
N=$2
if [ -d $N ] ; then
# read permissions?
if [ ! -r $N/exe ] ; then
if !(root_privs) ; then
printf "\033[31mNo read permissions for '/proc/$N/exe' (run as root).\033[m\n\n"
exit 1
fi
if [ ! `readlink $N/exe` ] ; then
printf "\033[31mPermission denied. Requested process ID belongs to a kernel thread.\033[m\n\n"
exit 1
fi
exit 1
fi
if [ -e /lib/libc.so.6 ] ; then
FS_libc=/lib/libc.so.6
elif [ -e /lib64/libc.so.6 ] ; then
FS_libc=/lib64/libc.so.6
elif [ -e /lib/i386-linux-gnu/libc.so.6 ] ; then
FS_libc=/lib/i386-linux-gnu/libc.so.6
elif [ -e /lib/x86_64-linux-gnu/libc.so.6 ] ; then
FS_libc=/lib/x86_64-linux-gnu/libc.so.6
else
printf "\033[31mError: libc not found.\033[m\n\n"
exit 1
fi
printf "* Process name (PID) : %s (%d)\n" `head -1 $N/status | cut -b 7-` $N
FS_chk_func_libc=( $(readelf -s $FS_libc | grep _chk@@ | awk '{ print $8 }' | cut -c 3- | sed -e 's/_chk@.*//') )
FS_functions=( $(readelf -s $2/exe | awk '{ print $8 }' | sed 's/_*//' | sed -e 's/@.*//') )
FS_libc_check
FS_binary_check
FS_comparison
FS_summary
fi
exit 0
;;
*)
if [ "$#" != "0" ] ; then
printf "\033[31mError: Unknown option '$1'.\033[m\n\n"
fi
help
exit 1
;;
esac

5
tools-hardened/desktop/files/Utilities/post_gnome3_install.sh
View file

@ -1,5 +0,0 @@
#! /bin/bash
gsettings set org.gnome.settings-daemon.plugins.cursor active false
gsettings set org.gnome.desktop.background picture-uri "file:///usr/share/backgrounds/background.jpg"

24
tools-hardened/desktop/files/fluxbox-startup
View file

@ -1,24 +0,0 @@
#!/bin/sh
#
# fluxbox startup-script:
#
# Lines starting with a '#' are ignored.
# Change your keymap:
xmodmap "/home/thuser/.Xmodmap"
# Applications you want to run with fluxbox.
# MAKE SURE THAT APPS THAT KEEP RUNNING HAVE AN ''&'' AT THE END.
#
# unclutter -idle 2 &
# wmnd &
# wmsmixer -w &
# idesk &
exec fbsetbg -f /usr/share/backgrounds/background.jpg &
# And last but not least we start fluxbox.
# Because it is the last app you have to run it with ''exec'' before it.
exec fluxbox
# or if you want to keep a log:
# exec fluxbox -log "/home/thuser/.fluxbox/log"

46
tools-hardened/desktop/files/fluxbox-world
View file

@ -1,46 +0,0 @@
app-admin/metalog
app-admin/sudo
app-admin/sysstat
app-arch/sharutils
app-arch/unrar
app-arch/xarchiver
app-cdr/cdrtools
app-editors/mousepad
app-editors/nano
app-editors/vim
app-office/abiword
app-office/gnumeric
app-portage/gentoolkit
app-text/tree
mail-client/mailx
mail-client/sylpheed
mail-mta/postfix
media-video/vlc
media-gfx/ristretto
media-sound/alsa-utils
net-irc/hexchat
net-misc/dhcpcd
net-misc/openssh
net-misc/tor
sys-apps/gradm
sys-apps/iproute2
sys-boot/grub
sys-boot/syslinux
sys-fs/btrfs-progs
sys-fs/cryptsetup
sys-fs/dosfstools
sys-fs/mtools
sys-fs/squashfs-tools
sys-fs/eudev
sys-kernel/linux-firmware
sys-power/cpupower
sys-power/upower-pm-utils
sys-process/at
sys-process/fcron
www-client/firefox
x11-base/xorg-server
x11-misc/slim
x11-terms/eterm
x11-terms/xfce4-terminal
x11-wm/fluxbox
xfce-base/thunar

2
tools-hardened/desktop/files/fstab
View file

@ -1,2 +0,0 @@
tmpfs / tmpfs size=4000m,nr_inodes=1m 0 1
shm /dev/shm tmpfs nodev,nosuid,noexec 0 0

43
tools-hardened/desktop/files/gnome-world
View file

@ -1,43 +0,0 @@
app-admin/metalog
app-admin/sudo
app-admin/sysstat
app-arch/file-roller
app-arch/sharutils
app-arch/unrar
app-cdr/cdrtools
app-editors/mousepad
app-editors/nano
app-editors/vim
app-office/abiword
app-office/gnumeric
app-portage/gentoolkit
app-text/tree
gnome-base/gnome-light
mail-client/mailx
mail-client/sylpheed
mail-mta/postfix
media-gfx/ristretto
media-sound/alsa-utils
media-video/vlc
net-irc/hexchat
net-misc/dhcpcd
net-misc/openssh
net-misc/tor
sci-calculators/galculator
sys-apps/gradm
sys-apps/iproute2
sys-boot/grub
sys-boot/syslinux
sys-fs/btrfs-progs
sys-fs/cryptsetup
sys-fs/dosfstools
sys-fs/mtools
sys-fs/squashfs-tools
sys-kernel/linux-firmware
sys-power/cpupower
sys-process/at
sys-process/cronie
www-client/firefox
x11-base/xorg-server
x11-misc/slim
x11-misc/xscreensaver

1
tools-hardened/desktop/files/kernel-config
View file

@ -1 +0,0 @@
4.0.4-hardened-r3.config

4
tools-hardened/desktop/files/locale/02locale
View file

@ -1,4 +0,0 @@
# Configuration file for eselect
# This file has been automatically generated.
LANG="en_US.utf8"
LC_COLLATE="C"

31
tools-hardened/desktop/files/locale/locale.gen
View file

@ -1,31 +0,0 @@
# /etc/locale.gen: list all of the locales you want to have on your system
#
# The format of each line:
# <locale> <charmap>
#
# Where <locale> is a locale located in /usr/share/i18n/locales/ and
# where <charmap> is a charmap located in /usr/share/i18n/charmaps/.
#
# All blank lines and lines starting with # are ignored.
#
# For the default list of supported combinations, see the file:
# /usr/share/i18n/SUPPORTED
#
# Whenever glibc is emerged, the locales listed here will be automatically
# rebuilt for you. After updating this file, you can simply run `locale-gen`
# yourself instead of re-emerging glibc.
#en_US ISO-8859-1
en_US.UTF-8 UTF-8
#ja_JP.EUC-JP EUC-JP
ja_JP.UTF-8 UTF-8
#ja_JP EUC-JP
#en_HK ISO-8859-1
#en_PH ISO-8859-1
#de_DE ISO-8859-1
#de_DE@euro ISO-8859-15
#es_MX ISO-8859-1
fa_IR UTF-8
#fr_FR ISO-8859-1
#fr_FR@euro ISO-8859-15
#it_IT ISO-8859-1

25
tools-hardened/desktop/files/portage/make.gnome.1
View file

@ -1,25 +0,0 @@
CFLAGS="-O2 -pipe"
CXXFLAGS="${CFLAGS}"
CHOST="x86_64-pc-linux-gnu"
#MAKEOPTS="-j9"
#
USE="mmx sse sse2 ipv6 loop-aes static-libs"
#USE="${USE} bindist suid"
USE="${USE} suid mudflap bindist"
USE="${USE} X -xorg kdrive -gnome gnome-shell cairo dbus dconf device-mapper fam gd gtk gtk3 gdu gudev hwdb udisks icu systemd -openrc libnotify xa"
USE="${USE} ads -client avahi autoipd eds ldap mbox mdnsresponder-compat policykit -consolekit samba sqlite winbind bluetooth"
USE="${USE} cdr cdda dvdr"
USE="${USE} cups extras ppds"
USE="${USE} exif gif jpeg jpeg2k mng apng png raw svg tiff wmf"
USE="${USE} a52 alsa dvb dvd esd ffmpeg flac gstreamer lame mad mpeg ogg theora vorbis xv aac mp3 speex twolame pulseaudio -libav"
USE="${USE} python perl vala"
#
ABI_X86="32 64"
INPUT_DEVICES="evdev keyboard mouse acecad aiptek elographics fpit joystick penmount synaptics vmmouse void wacom"
VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident v4l vesa via vmware apm ark ast chips cirrus epson fglrx i128 rendition s3 s3virge siliconmotion sisusb tga tseng"
# Set PORTDIR for backward compatibility with various tools:
# gentoo-bashcomp - bug #478444
# euse - bug #474574
# euses and ufed - bug #478318
PORTDIR="/usr/portage"

25
tools-hardened/desktop/files/portage/make.gnome.2
View file

@ -1,25 +0,0 @@
CFLAGS="-O2 -pipe"
CXXFLAGS="${CFLAGS}"
CHOST="x86_64-pc-linux-gnu"
#MAKEOPTS="-j9"
#
USE="mmx sse sse2 ipv6 loop-aes static-libs"
#USE="${USE} bindist suid"
USE="${USE} suid mudflap bindist"
USE="${USE} X xorg kdrive gnome gnome-shell cairo dbus dconf device-mapper fam gd gtk gtk3 gdu gudev hwdb udisks icu systemd -openrc libnotify xa"
USE="${USE} ads -client avahi autoipd eds ldap mbox mdnsresponder-compat policykit -consolekit samba sqlite winbind bluetooth"
USE="${USE} cdr cdda dvdr"
USE="${USE} cups extras ppds"
USE="${USE} exif gif jpeg jpeg2k mng apng png raw svg tiff wmf"
USE="${USE} a52 alsa dvb dvd esd ffmpeg flac gstreamer lame mad mpeg ogg theora vorbis xv aac mp3 speex twolame pulseaudio -libav"
USE="${USE} python perl vala"
#
ABI_X86="32 64"
INPUT_DEVICES="evdev keyboard mouse acecad aiptek elographics fpit joystick penmount synaptics vmmouse void wacom"
VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident v4l vesa via vmware apm ark ast chips cirrus epson fglrx i128 rendition s3 s3virge siliconmotion sisusb tga tseng"
# Set PORTDIR for backward compatibility with various tools:
# gentoo-bashcomp - bug #478444
# euse - bug #474574
# euses and ufed - bug #478318
PORTDIR="/usr/portage"

25
tools-hardened/desktop/files/portage/make.xfce4.1
View file

@ -1,25 +0,0 @@
CFLAGS="-O2 -pipe"
CXXFLAGS="${CFLAGS}"
CHOST="x86_64-pc-linux-gnu"
#MAKEOPTS="-j9"
#
USE="mmx sse sse2 ipv6 loop-aes static-libs"
#USE="${USE} bindist suid"
USE="${USE} suid mudflap bindist"
USE="${USE} X -xorg kdrive -gnome cairo dbus dconf device-mapper fam gd gtk gtk3 gdu gudev hwdb udisks icu openrc libnotify xa thunar"
USE="${USE} ads -client avahi autoipd eds ldap mbox mdnsresponder-compat policykit consolekit samba sqlite winbind bluetooth"
USE="${USE} cdr cdda dvdr"
USE="${USE} cups extras ppds"
USE="${USE} exif gif jpeg jpeg2k mng apng png raw svg tiff wmf"
USE="${USE} a52 alsa dvb dvd esd ffmpeg flac gstreamer lame mad mpeg ogg theora vorbis xv aac mp3 speex twolame pulseaudio -libav"
USE="${USE} python perl vala"
#
ABI_X86="32 64"
INPUT_DEVICES="evdev keyboard mouse acecad aiptek elographics fpit joystick penmount synaptics vmmouse void wacom"
VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident v4l vesa via vmware apm ark ast chips cirrus epson fglrx i128 rendition s3 s3virge siliconmotion sisusb tga tseng"
# Set PORTDIR for backward compatibility with various tools:
# gentoo-bashcomp - bug #478444
# euse - bug #474574
# euses and ufed - bug #478318
PORTDIR="/usr/portage"

25
tools-hardened/desktop/files/portage/make.xfce4.2
View file

@ -1,25 +0,0 @@
CFLAGS="-O2 -pipe"
CXXFLAGS="${CFLAGS}"
CHOST="x86_64-pc-linux-gnu"
#MAKEOPTS="-j9"
#
USE="mmx sse sse2 ipv6 loop-aes static-libs"
#USE="${USE} bindist suid"
USE="${USE} suid mudflap bindist"
USE="${USE} X xorg kdrive -gnome cairo dbus dconf device-mapper fam gd gtk gtk3 gdu gudev hwdb udisks icu openrc libnotify xa thunar"
USE="${USE} ads -client avahi autoipd eds ldap mbox mdnsresponder-compat policykit consolekit samba sqlite winbind bluetooth"
USE="${USE} cdr cdda dvdr"
USE="${USE} cups extras ppds"
USE="${USE} exif gif jpeg jpeg2k mng apng png raw svg tiff wmf"
USE="${USE} a52 alsa dvb dvd esd ffmpeg flac gstreamer lame mad mpeg ogg theora vorbis xv aac mp3 speex twolame pulseaudio -libav"
USE="${USE} python perl vala"
#
ABI_X86="32 64"
INPUT_DEVICES="evdev keyboard mouse acecad aiptek elographics fpit joystick penmount synaptics vmmouse void wacom"
VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident v4l vesa via vmware apm ark ast chips cirrus epson fglrx i128 rendition s3 s3virge siliconmotion sisusb tga tseng"
# Set PORTDIR for backward compatibility with various tools:
# gentoo-bashcomp - bug #478444
# euse - bug #474574
# euses and ufed - bug #478318
PORTDIR="/usr/portage"

3
tools-hardened/desktop/files/portage/package.gnome.accept_keywords
View file

@ -1,3 +0,0 @@
app-arch/xarchiver ~amd64
sys-kernel/hardened-sources ~amd64
=x11-drivers/xf86-video-siliconmotion-1.7.7-r1 ~amd64

25
tools-hardened/desktop/files/portage/package.gnome.use.1
View file

@ -1,25 +0,0 @@
x11-libs/libdrm libkms
virtual/udev -static-libs
sys-fs/lvm2 -static-libs
sys-fs/cryptsetup -static-libs
media-sound/cdparanoia -static-libs
net-misc/openssh -bindist
dev-libs/openssl -bindist
x11-base/xorg-server xorg
sys-libs/zlib minizip
x11-libs/cairo opengl
media-libs/mesa gbm gles2
app-misc/tracker -ffmpeg
media-libs/grilo playlist
www-servers/apache apache2_modules_auth_digest
virtual/libudev -static-libs
virtual/libgudev -static-libs introspection
sys-apps/systemd introspection
sys-fs/udev introspection
dev-libs/libgdata gnome
net-misc/dhcp client
x11-libs/libxcb xkb
media-libs/clutter egl
media-libs/cogl gles2
sys-apps/util-linux -systemd
dev-libs/libusb udev

23
tools-hardened/desktop/files/portage/package.gnome.use.2
View file

@ -1,23 +0,0 @@
x11-libs/libdrm libkms
virtual/udev -static-libs
sys-fs/lvm2 -static-libs
sys-fs/cryptsetup -static-libs
media-sound/cdparanoia -static-libs
net-misc/openssh -bindist
dev-libs/openssl -bindist
x11-base/xorg-server xorg
sys-libs/zlib minizip
x11-libs/cairo opengl
media-libs/mesa gbm gles2
app-misc/tracker -ffmpeg
media-libs/grilo playlist
www-servers/apache apache2_modules_auth_digest
virtual/libudev -static-libs
virtual/libgudev -static-libs introspection
sys-apps/systemd introspection
sys-fs/udev introspection
dev-libs/libgdata gnome
net-misc/dhcp client
x11-libs/libxcb xkb
media-libs/clutter egl
media-libs/cogl gles2

5
tools-hardened/desktop/files/portage/package.xfce4.accept_keywords
View file

@ -1,5 +0,0 @@
app-arch/xarchiver ~amd64
sys-kernel/hardened-sources ~amd64
xfce-extra/xfce4-composite-editor ~amd64
xfce-extra/xfce-theme-manager ~amd64
=x11-drivers/xf86-video-siliconmotion-1.7.7-r1 ~amd64

10
tools-hardened/desktop/files/portage/package.xfce4.use.1
View file

@ -1,10 +0,0 @@
x11-libs/libdrm libkms
virtual/udev -static-libs
sys-fs/lvm2 -static-libs
sys-fs/cryptsetup -static-libs
media-sound/cdparanoia -static-libs
x11-base/xorg-server xorg
sys-libs/zlib minizip
x11-libs/cairo opengl
media-libs/mesa gbm
dev-libs/libusb udev

9
tools-hardened/desktop/files/portage/package.xfce4.use.2
View file

@ -1,9 +0,0 @@
x11-libs/libdrm libkms
virtual/udev -static-libs
sys-fs/lvm2 -static-libs
sys-fs/cryptsetup -static-libs
media-sound/cdparanoia -static-libs
x11-base/xorg-server xorg
sys-libs/zlib minizip
x11-libs/cairo opengl
media-libs/mesa gbm

1
tools-hardened/desktop/files/portage/profile/package.use
View file

@ -1 +0,0 @@
x11-drivers/ati-drivers -modules

7
tools-hardened/desktop/files/portage/repos.conf/gentoo.conf
View file

@ -1,7 +0,0 @@
[DEFAULT]
main-repo = gentoo
[gentoo]
location = /usr/portage
sync-type = rsync
sync-uri = rsync://rsync.gentoo.org/gentoo-portage

5
tools-hardened/desktop/files/resolv.conf
View file

@ -1,5 +0,0 @@
# Add your own name server here.
# This is only for the build. It
# will be removed in the final image.
nameserver 209.18.47.61
nameserver 209.18.47.62

93
tools-hardened/desktop/files/usermenu
View file

@ -1,93 +0,0 @@
[begin] (Fluxbox 1.3.2)
[encoding] {UTF-8}
[exec] (xfce4-terminal) {xfce4-terminal}
</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/utilities-terminal.xpm>
[submenu] (Terminals)
[exec] (xfce4-terminal) {xfce4-terminal}
</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/utilities-terminal.xpm>
[end]
[submenu] (Net)
[submenu] (Browsers)
[exec] (firefox) {firefox}
</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/firefox.xpm>
[end]
[submenu] (Mail)
[exec] (sylpheed) {sylpheed}
</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/sylpheed.xpm>
[end]
[submenu] (IRC client)
[exec] (hexchat) {hexchat}
[end]
[end]
[submenu] (Editors)
[exec] (mousepad) {mousepad}
</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/accessories-text-editor.xpm>
[exec] (nano) {xfce4-terminal -e nano}
[exec] (vim) {xfce4-terminal -e vim}
[exec] (vi) {xfce4-terminal -e vi}
</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/vinagre.xpm>
[end]
[submenu] (File utils)
[exec] (thunar) {thunar}
</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/system-file-manager.xpm>
[end]
[submenu] (Multimedia)
[submenu] (Audio)
[exec] (alsamixer) {xfce4-terminal -e alsamixer}
[end]
[submenu] (Video)
[exec] (vlc) {vlc}
</usr/share/icons/hicolor/48x48/apps/vlc.xpm>
[end]
[submenu] (Image)
[exec] (ristretto)
[end]
[submenu] (X-utils)
[exec] (Reload .Xdefaults) {xrdb -load $HOME/.Xdefaults}
[end]
[submenu] (Office)
[exec] (galculator) {galculator}
[exec] (abiword) {abiword}
[exec] (gnumeric) {gnumeric}
</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/abiword_48.xpm>
[end]
[end]
[submenu] (System Tools)
[submenu] (Burning)
[exec] (xcdroast) {xcdroast}
</usr/share/icons/hicolor/48x48/apps/xcdroast.xpm>
[end]
[exec] (porthole) {porthole}
</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/porthole-icon.xpm>
[exec] (top) {xfce4-terminal -e top}
[end]
[submenu] (Fluxbox menu)
[config] (Configure)
[submenu] (Styles)
[include] (/usr/share/fluxbox/menu.d/styles/)
[end]
[workspaces] (Workspace List)
[submenu] (Tools)
[exec] (Window name) {xprop WM_CLASS|cut -d \" -f 2|gxmessage
-file - -center}
[exec] (Screenshot - JPG) {import screenshot.jpg && display
-resize 50% screenshot.jpg}
[exec] (Screenshot - PNG) {import screenshot.png && display
-resize 50% screenshot.png}
[end]
[submenu] (Window Managers)
[restart] (xfce4) {xfwm4}
[restart] (gnome) {gnome-session}
</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/session-properties.xpm>
[end]
[commanddialog] (Fluxbox Command)
[reconfig] (Reload config)
[restart] (Restart)
[exec] (About) {(fluxbox -v; fluxbox -info | sed 1d) | gxmessage
-file - -center}
[separator]
[exit] (Exit)
[end]
[endencoding]
[end]

63
tools-hardened/desktop/files/xfce4-world
View file

@ -1,63 +0,0 @@
app-admin/metalog
app-admin/sudo
app-admin/sysstat
app-arch/sharutils
app-arch/unrar
app-arch/xarchiver
app-cdr/cdrtools
app-editors/mousepad
app-editors/nano
app-editors/vim
app-office/abiword
app-office/gnumeric
app-portage/gentoolkit
app-text/tree
mail-client/mailx
mail-client/sylpheed
mail-mta/postfix
media-video/vlc
media-gfx/ristretto
media-sound/alsa-utils
net-irc/hexchat
net-misc/dhcpcd
net-misc/openssh
net-misc/tor
sci-calculators/galculator
sys-apps/gradm
sys-apps/iproute2
sys-apps/pciutils
sys-boot/grub
sys-boot/syslinux
sys-fs/btrfs-progs
sys-fs/cryptsetup
sys-fs/dosfstools
sys-fs/mtools
sys-fs/squashfs-tools
sys-fs/eudev
sys-kernel/linux-firmware
sys-power/cpupower
sys-power/upower-pm-utils
sys-process/at
sys-process/cronie
www-client/firefox
x11-base/xorg-server
x11-misc/slim
x11-terms/xfce4-terminal
xfce-base/thunar
xfce-base/xfce4-meta
xfce-extra/thunar-archive-plugin
xfce-extra/tumbler
xfce-extra/xfce-theme-manager
xfce-extra/xfce4-composite-editor
xfce-extra/xfce4-cpufreq-plugin
xfce-extra/xfce4-cpugraph-plugin
xfce-extra/xfce4-datetime-plugin
xfce-extra/xfce4-diskperf-plugin
xfce-extra/xfce4-mixer
xfce-extra/xfce4-notes-plugin
xfce-extra/xfce4-places-plugin
xfce-extra/xfce4-screenshooter
xfce-extra/xfce4-systemload-plugin
xfce-extra/xfce4-weather-plugin
xfce-extra/xfce4-whiskermenu-plugin
xfce-base/xfconf

98
tools-hardened/desktop/fluxbox-run.sh
View file

@ -1,98 +0,0 @@
#!/bin/bash
ARCH=${ARCH:-"amd64"}
ROOTFS="th-${ARCH}-fluxbox"
PWD="$(pwd)"
STAGE3=${STAGE3:-"/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest.tar.bz2"}
LAYMAN="/var/lib/layman"
KERNEL_SOURCE="/usr/src/linux-tinhat"
MAKE_BASE="xfce4"
KEYWORDS_BASE="gnome"
USE_BASE="xfce4"
WORLD_BASE="fluxbox"
source run-base.sh
setup_usergroups() {
local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user"
cp -f passwd.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/passwd.sh
rm -f "${ROOTFS}"/tmp/passwd.sh
rm -rf "${ROOTFS}"/etc/skel
cp -a thuser "${ROOTFS}"/etc/skel
cp -f files/usermenu "${ROOTFS}"/usr/share/fluxbox/
cp -f files/fluxbox-startup "${ROOTFS}"/usr/share/fluxbox/startup
sed -i 's/^\/usr\/*.*/exec startfluxbox/' "${ROOTFS}"/etc/skel/.xinitrc
sed -i '2 i\fbsetbg \/usr\/share\/backgrounds\/background.jpg' "${ROOTFS}"/etc/skel/.xinitrc
mkdir -p "${ROOTFS}"/etc/skel/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf,.fluxbox}
chmod 700 "${ROOTFS}"/etc/skel/.ssh
wget -O "${ROOTFS}"/etc/skel/.config/dconf/user "${DCONF_LOCAL}"
wget -O "${ROOTFS}"/etc/skel/.cache/dconf/user "${DCONF_LOCAL}"
rm -rf "${ROOTFS}"/home/thuser
cp -a thuser "${ROOTFS}"/home/thuser
sed -i -e 's/^\/usr\/*.*/exec startfluxbox/' "${ROOTFS}"/home/thuser/.xinitrc
sed -i '2 i\fbsetbg \/usr\/share\/backgrounds\/background.jpg' "${ROOTFS}"/home/thuser/.xinitrc
cp -a files/{Encrypt,Save,Utilities} "${ROOTFS}"/home/thuser
rm -rf "${ROOTFS}"/home/thuser/Utilities/post_gnome3_install.sh
mkdir -p "${ROOTFS}"/home/thuser/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf,.fluxbox}
cp -f "${ROOTFS}"/usr/share/fluxbox/{apps,init,keys,menu,overlay,startup,usermenu,windowmenu} /home/thuser/.fluxbox/
chmod 700 "${ROOTFS}"/home/thuser/.ssh
wget -O "${ROOTFS}"/home/thuser/.config/dconf/user "${DCONF_LOCAL}"
wget -O "${ROOTFS}"/home/thuser/.cache/dconf/user "${DCONF_LOCAL}"
chroot "${ROOTFS}"/ chown -R thuser:thuser /home/thuser
sed -i 's/# \(%wheel.*NOPASSWD\)/\1/' "${ROOTFS}"/etc/sudoers
}
setup_confs() {
local IMAGE="http://dev.gentoo.org/~blueness/lilblue/gentoo1600x1200.jpg"
sed -i 's/^\(DISPLAYMANAGER="\)xdm/\1slim/' "${ROOTFS}"/etc/conf.d/xdm
sed -i 's/^\(login.*\)/# \1/' "${ROOTFS}"/etc/slim.conf
sed -i '/# login_cmd.*Xsession/ a\login_cmd exec /bin/bash -login ~/.xinitrc' "${ROOTFS}"/etc/slim.conf
sed -i 's/^\(sessiondir.*\)/# \1/' "${ROOTFS}"/etc/slim.conf
sed -i '/# sessiondir.*/ a\sessiondir /etc/X11/Sessions' "${ROOTFS}"/etc/slim.conf
sed -i 's/^session\.menuFile.*./session\.menuFile: \/usr\/share\/fluxbox\/usermenu/' "${ROOTFS}"/usr/share/fluxbox/init
mkdir -p "${ROOTFS}"/usr/share/backgrounds/
wget -O "${ROOTFS}"/usr/share/backgrounds/background.jpg "${IMAGE}"
sed -i '/^SYNC/d' "${ROOTFS}"/etc/portage/make.conf
sed -i '/^GENTOO_MIRRORS/d' "${ROOTFS}"/etc/portage/make.conf
sed -i 's/^MAKEOPTS/#MAKEOPTS/' "${ROOTFS}"/etc/portage/make.conf
sed -i 's/^exec \/sbin\/*.*/exec \/sbin\/switch_root \/mnt\/tmpfs \/sbin\/init/' configs/init
sed -i 's/^clock=\"*.*\"$/clock=\"local\"/' "${ROOTFS}"/etc/conf.d/hwclock
cp -a files/locale/locale.gen "${ROOTFS}"/etc/
chroot "${ROOTFS}"/ locale-gen
chroot "${ROOTFS}"/ eselect locale set en_US.utf8
cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
}
main() {
unpack_stage3
mount_dirs
populate_kernel_src
populate_etc
rebuild_toolchain
rebuild_world
update_world
build_kernel
setup_initrc
setup_usergroups
setup_confs
cleanup_dirs
unmount_dirs
make_iso
}
main > fluxbox-${ARCH}-build.log 2>&1 &

95
tools-hardened/desktop/gnome3-run.sh
View file

@ -1,95 +0,0 @@
#!/bin/bash
ARCH=${ARCH:-"amd64"}
ROOTFS="th-${ARCH}-gnome"
PWD="$(pwd)"
STAGE3=${STAGE3:-"/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest.tar.bz2"}
LAYMAN="/var/lib/layman"
KERNEL_SOURCE="/usr/src/linux-tinhat"
BASE="gnome"
MAKE_BASE="${BASE}"
KEYWORDS_BASE="${BASE}"
USE_BASE="${BASE}"
WORLD_BASE="${BASE}"
source run-base.sh
setup_usergroups() {
local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user"
cp -f passwd.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/passwd.sh
rm -f "${ROOTFS}"/tmp/passwd.sh
rm -rf "${ROOTFS}"/etc/skel
cp -a thuser "${ROOTFS}"/etc/skel
sed -i '2 i\gsettings set org.gnome.desktop.background picture-uri file:\/\/\/usr\/share\/backgrounds\/background.jpg' "${ROOTFS}"/etc/skel/.xinitrc
mkdir -p "${ROOTFS}"/etc/skel/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
chmod 700 "${ROOTFS}"/etc/skel/.ssh
wget -O "${ROOTFS}"/etc/skel/.config/dconf/user "${DCONF_LOCAL}"
wget -O "${ROOTFS}"/etc/skel/.cache/dconf/user "${DCONF_LOCAL}"
rm -rf "${ROOTFS}"/home/thuser
cp -a thuser "${ROOTFS}"/home/thuser
sed -i '2 i\gsettings set org.gnome.desktop.background picture-uri file:\/\/\/usr\/share\/backgrounds\/background.jpg' "${ROOTFS}"/home/thuser/.xinitrc
cp -a files/{Encrypt,Save,Utilities} "${ROOTFS}"/home/thuser
rm -rf "${ROOTFS}"/home/thuser/Utilities/post_xfce4_install.sh
mkdir -p "${ROOTFS}"/home/thuser/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
chmod 700 "${ROOTFS}"/home/thuser/.ssh
wget -O "${ROOTFS}"/home/thuser/.config/dconf/user "${DCONF_LOCAL}"
wget -O "${ROOTFS}"/home/thuser/.cache/dconf/user "${DCONF_LOCAL}"
chroot "${ROOTFS}"/ chown -R thuser:thuser /home/thuser
sed -i 's/# \(%wheel.*NOPASSWD\)/\1/' "${ROOTFS}"/etc/sudoers
}
setup_confs() {
local IMAGE="http://dev.gentoo.org/~blueness/lilblue/gentoo1600x1200.jpg"
sed -i 's/^\(DISPLAYMANAGER="\)xdm/\1slim/' "${ROOTFS}"/etc/conf.d/xdm
sed -i 's/^\(login.*\)/# \1/' "${ROOTFS}"/etc/slim.conf
sed -i '/# login_cmd.*Xsession/ a\login_cmd exec /bin/bash -login ~/.xinitrc' "${ROOTFS}"/etc/slim.conf
sed -i 's/^\(sessiondir.*\)/# \1/' "${ROOTFS}"/etc/slim.conf
sed -i '/# sessiondir.*/ a\sessiondir /etc/X11/Sessions' "${ROOTFS}"/etc/slim.conf
if [ ! -d "${ROOTFS}/usr/share/backgrounds" ];
then
mkdir -p "${ROOTFS}"/usr/share/backgrounds
fi
wget -O "${ROOTFS}"/usr/share/backgrounds/background.jpg "${IMAGE}"
sed -i '/^SYNC/d' "${ROOTFS}"/etc/portage/make.conf
sed -i '/^GENTOO_MIRRORS/d' "${ROOTFS}"/etc/portage/make.conf
sed -i 's/^MAKEOPTS/#MAKEOPTS/' "${ROOTFS}"/etc/portage/make.conf
sed -i 's/^exec \/sbin\/*.*/exec \/sbin\/switch_root \/mnt\/tmpfs \/usr\/lib\/systemd\/systemd/' configs/init
sed -i 's/^clock=\"*.*\"$/clock=\"local\"/' "${ROOTFS}"/etc/conf.d/hwclock
cp -a files/locale/locale.gen "${ROOTFS}"/etc/
chroot "${ROOTFS}"/ locale-gen
chroot "${ROOTFS}"/ eselect locale set en_US.utf8
cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
}
main() {
unpack_stage3
mount_dirs
populate_kernel_src
populate_etc
rebuild_toolchain
rebuild_world
update_world
build_kernel
setup_systemd
setup_usergroups
setup_confs
cleanup_dirs
unmount_dirs
make_iso
}
main > gnome3-"${ARCH}"-build.log 2>&1 &

68
tools-hardened/desktop/make.sh
View file

@ -1,68 +0,0 @@
#!/bin/bash
WORKING=$(pwd)
CHROOTS=${CHROOTS:-"${WORKING}"}
MYROOT=${MYROOT:-""}
cleanup() {
cd ${WORKING}
rm -f ramdisk.iso
rm -f tinhat.igz
rm -rf init
rm -rf iso
}
mkinitramfs() {
local BUSYBOX="http://dev.gentoo.org/~twitch153/tinhat/busybox"
cd ${WORKING}
mkdir init
cd init
mkdir -p bin dev etc mnt/cdrom mnt/squashfs mnt/tmpfs proc sbin sys tmp usr/bin usr/sbin var
wget -O ${WORKING}/init/bin/busybox "${BUSYBOX}"
cp ../configs/init .
chmod 755 bin/busybox
chmod 755 init
chroot . /bin/busybox --install -s
find . | cpio -H newc -o | gzip -9 > ../tinhat.igz
cd ${WORKING}
rm -rf init
}
mkiso() {
cd ${WORKING}
mkdir -p iso/boot/grub
mv tinhat.igz iso/boot
cp -L ${CHROOTS}/${MYROOT}/boot/kernel iso/boot/tinhat
cp files/th-boot/grub/stage2_eltorito iso/boot/grub
cp configs/menu.lst iso/boot/grub/menu.lst
cp configs/ABOUT.html iso/ABOUT.html
mksquashfs ${CHROOTS}/${MYROOT} iso/tinroot -comp xz -e usr/src var/cache/edb usr/portage/distfiles
mkisofs -R -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 4 -boot-info-table -o ramdisk.iso iso
rm -rf iso
}
nameit() {
DATE=$(date +%Y%m%d)
NAME="${MYROOT}-${DATE}.iso"
[ -f ramdisk.iso ] && mv ramdisk.iso $NAME || echo "Can't name ramdisk.iso, I didn't find it."
}
cleanup
mkinitramfs
mkiso
nameit

26
tools-hardened/desktop/passwd.sh
View file

@ -1,26 +0,0 @@
#!/bin/bash -l
echo root:thuser | chpasswd
useradd -m thuser
gpasswd -a thuser disk
gpasswd -a thuser wheel
gpasswd -a thuser audio
gpasswd -a thuser video
gpasswd -a thuser floppy
gpasswd -a thuser tape
gpasswd -a thuser cdrom
gpasswd -a thuser cdrw
gpasswd -a thuser usb
gpasswd -a thuser games
gpasswd -a thuser bluetooth
gpasswd -a portage wheel
echo thuser:thuser | chpasswd
groupadd -g 9995 graudit
groupadd -g 9996 grslink
groupadd -g 9997 grasock
groupadd -g 9998 grcsock
groupadd -g 9999 grssock

7
tools-hardened/desktop/rebuild.sh
View file

@ -1,7 +0,0 @@
#!/bin/bash -l
kernel_dir="/usr/src/linux-tinhat"
source /etc/profile
env-update
KERNEL_DIR="${kernel_dir}" emerge -evq --keep-going --with-bdeps=y world

145
tools-hardened/desktop/run-base.sh
View file

@ -1,145 +0,0 @@
#!/bin/bash
unpack_stage3() {
mkdir "${ROOTFS}"
tar -x -C "${ROOTFS}" -f "${STAGE3}"
}
mount_dirs() {
mkdir "${ROOTFS}"/usr/portage/
mount --rbind /usr/portage/ "${ROOTFS}"/usr/portage/
mount --rbind /proc/ "${ROOTFS}"/proc/
mount --rbind /dev/ "${ROOTFS}"/dev/
mount --rbind /sys/ "${ROOTFS}"/sys/
}
populate_kernel_src() {
cp -f files/kernel-config "${KERNEL_SOURCE}"
cp -Rf "${KERNEL_SOURCE}"/ "${ROOTFS}"/usr/src/
}
populate_etc() {
cp -f files/fstab "${ROOTFS}"/etc/fstab
cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
cp -f files/portage/make."${MAKE_BASE}".1 "${ROOTFS}"/etc/portage/make.conf
cp -f files/portage/package."${KEYWORDS_BASE}".accept_keywords "${ROOTFS}"/etc/portage/package.accept_keywords
cp -f files/portage/package."${USE_BASE}".use.1 "${ROOTFS}"/etc/portage/package.use
cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
}
rebuild_toolchain() {
cp -f toolchain.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/toolchain.sh
rm -f "${ROOTFS}"/tmp/toolchain.sh
}
rebuild_world() {
cp -f files/"${WORLD_BASE}"-world "${ROOTFS}"/var/lib/portage/world
cp -f rebuild.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/rebuild.sh
rm -f "${ROOTFS}"/tmp/rebuild.sh
}
update_world() {
cp -f files/portage/package."${USE_BASE}".use.2 "${ROOTFS}"/etc/portage/package.use
cp -f files/portage/make."${MAKE_BASE}".2 "${ROOTFS}"/etc/portage/make.conf
cp -f update.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/update.sh
rm -f "${ROOTFS}"/tmp/update.sh
if [ "${WORLD_BASE}" == "gnome" ];
then
gnome_shell_loc=`chroot "${ROOTFS}"/ which gnome-shell`
chroot "${ROOTFS}"/ paxctl-ng -vm "${gnome_shell_loc}"
unset gnome_shell_loc
fi
}
build_kernel() {
local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz"
mkdir -p "${ROOTFS}"/boot
genkernel \
--kernel-config=files/kernel-config \
--makeopts=-j9 \
--static \
--symlink \
--no-mountboot \
--kerneldir="${KERNEL_SOURCE}" \
--bootdir="${PWD}"/"${ROOTFS}"/boot/ \
all
#for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
# objcopy --strip-unneeded $i
#done
rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
tar -x -C "${PWD}"/files -f th-boot.tar.gz
cp -Rf files/th-boot/grub "${ROOTFS}"/boot/
rm -f "${PWD}"/th-boot.tar.gz
}
setup_initrc() {
ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
chroot "${ROOTFS}"/ rc-update add acpid boot
chroot "${ROOTFS}"/ rc-update add atd boot
chroot "${ROOTFS}"/ rc-update add udev sysinit
chroot "${ROOTFS}"/ rc-update add cronie default
chroot "${ROOTFS}"/ rc-update add net.eth0 default
chroot "${ROOTFS}"/ rc-update add postfix default
chroot "${ROOTFS}"/ rc-update add sshd default
chroot "${ROOTFS}"/ rc-update add xdm default
chroot "${ROOTFS}"/ rc-update add dbus default
chroot "${ROOTFS}"/ rc-update add syslog-ng default
chroot "${ROOTFS}"/ rc-update add udev-postmount default
chroot "${ROOTFS}"/ rc-update add kmod-static-nodes sysinit
chroot "${ROOTFS}"/ rc-update add udev-mount sysinit
}
setup_systemd() {
ln -sf /proc/self/mounts /etc/mtab
sed -i -e 's/#GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' "${ROOTFS}"/etc/default/grub
chroot "${ROOTFS}"/ systemctl enable atd.service
chroot "${ROOTFS}"/ systemctl enable dhcpcd.service
chroot "${ROOTFS}"/ systemctl enable cronie.service
chroot "${ROOTFS}"/ systemctl enable metalog.service
chroot "${ROOTFS}"/ systemctl enable NetworkManager.service
chroot "${ROOTFS}"/ systemctl enable systemd-resolved
chroot "${ROOTFS}"/ systemctl enable postfix.service
chroot "${ROOTFS}"/ systemctl disable gdm
chroot "${ROOTFS}"/ systemctl enable slim
chroot "${ROOTFS}"/ systemctl enable sshd.service
chroot "${ROOTFS}"/ systemctl disable avahi-daemon.service
chroot "${ROOTFS}"/ systemctl disable bluetooth.serivce
chroot "${ROOTFS}"/ systemctl disable cups.service
}
cleanup_dirs() {
rm -rf "${ROOTFS}"/tmp/*
rm -rf "${ROOTFS}"/usr/src/*
rm -rf "${ROOTFS}"/var/cache/*
rm -rf "${ROOTFS}"/var/log/*
rm -rf "${ROOTFS}"/var/tmp/*
rm -rf "${ROOTFS}"/etc/resolv.conf
rm -rf "${ROOTFS}"/etc/ssh/*key*
rm -rf "${ROOTFS}"/root/.viminfo
for i in ${ROOTFS}/root/.bash_history ; do >$i; done
find ${ROOTFS}*/var/log -size +1c -type f -exec rm {} +
}
unmount_dirs() {
umount -l "${ROOTFS}"/sys/
umount -l "${ROOTFS}"/dev/
umount -l "${ROOTFS}"/proc/
umount -l "${ROOTFS}"/usr/portage/
mkdir "${ROOTFS}"/usr/portage/profiles/
echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
}
make_iso() {
MYROOT="${ROOTFS}" ./make.sh
}

6
tools-hardened/desktop/thuser/.bash_logout
View file

@ -1,6 +0,0 @@
# /etc/skel/.bash_logout
# This file is sourced when a login shell terminates.
# Clear the screen for security's sake.
clear

5
tools-hardened/desktop/thuser/.bash_profile
View file

@ -1,5 +0,0 @@
# /etc/skel/.bash_profile
# This file is sourced by bash for login shells. The following line
# runs your .bashrc and is recommended by the bash info pages.
[[ -f ~/.bashrc ]] && . ~/.bashrc

18
tools-hardened/desktop/thuser/.bashrc
View file

@ -1,18 +0,0 @@
# /etc/skel/.bashrc
#
# This file is sourced by all *interactive* bash shells on startup,
# including some apparently interactive shells such as scp and rcp
# that can't tolerate any output. So make sure this doesn't display
# anything or bad things will happen !
# Test for an interactive shell. There is no need to set anything
# past this point for scp and rcp, and it's important to refrain from
# outputting anything in those cases.
if [[ $- != *i* ]] ; then
# Shell is non-interactive. Be done now!
return
fi
# Put your fun stuff here.

3
tools-hardened/desktop/thuser/.config/Thunar/accels.scm
View file

@ -1,3 +0,0 @@
; Thunar GtkAccelMap rc-file -*- scheme -*-
; this file is an automated accelerator map dump
;

11
tools-hardened/desktop/thuser/.config/gtk-2.0/gtkfilechooser.ini
View file

@ -1,11 +0,0 @@
[Filechooser Settings]
LocationMode=path-bar
ShowHidden=false
ShowSizeColumn=true
GeometryX=36
GeometryY=92
GeometryWidth=952
GeometryHeight=585
SortColumn=name
SortOrder=ascending
StartupMode=recent

560
tools-hardened/desktop/thuser/.config/smplayer/smplayer.ini
View file

@ -1,560 +0,0 @@
[update_checker]
checked_date=@Variant(\0\0\0\xe\0%{\x9c)
last_known_version=0.8.5.5487
[smplayer]
stable_version=0.8.5
check_for_new_version=true
[actions]
open_file=Ctrl+F
open_directory=
open_playlist=
open_vcd=
open_audio_cd=
open_dvd=
open_dvd_folder=
open_url=Ctrl+U
close=Ctrl+X
clear_recents=
favorites_menu=
tv_menu=
edit_tv_list=
jump_tv_list=
next_tv=H
previous_tv=L
radio_menu=
edit_radio_list=
jump_radio_list=
next_radio=Shift+H
previous_radio=Shift+L
play=
play_or_pause=Media Play
pause=Space
pause_and_frame_step=
stop=Media Stop
frame_step=.
rewind1=Left
rewind2=Down
rewind3=PgDown
forward1=Right
forward2=Up
forward3=PgUp
set_a_marker=
set_b_marker=
clear_ab_markers=
repeat=
jump_to=Ctrl+J
normal_speed=Backspace
halve_speed={
double_speed=}
dec_speed=[
inc_speed=]
dec_speed_4=
inc_speed_4=
dec_speed_1=
inc_speed_1=
fullscreen=F
compact=Ctrl+C
video_equalizer=Ctrl+E
screenshot=S
multiple_screenshots=Shift+D
video_preview=
flip=
mirror=
postprocessing=
autodetect_phase=
deblock=
dering=
gradfun=
add_noise=
add_letterbox=
upscaling=
audio_equalizer=
mute=M
decrease_volume="9, /"
increase_volume="0, *"
dec_audio_delay=-
inc_audio_delay=+
audio_delay=
load_audio_file=
unload_audio_file=
extrastereo_filter=
karaoke_filter=
volnorm_filter=
load_subs=
unload_subs=
dec_sub_delay=Z
inc_sub_delay=X
sub_delay=
dec_sub_pos=R
inc_sub_pos=T
dec_sub_scale=Shift+R
inc_sub_scale=Shift+T
dec_sub_step=G
inc_sub_step=Y
use_ass_lib=
use_forced_subs_only=
subtitle_visibility=V
show_find_sub_dialog=
upload_subtitles=
show_playlist=Ctrl+L
show_file_properties=Ctrl+I
show_preferences=Ctrl+P
show_tube_browser=F11
show_mplayer_log=Ctrl+M
show_smplayer_log=Ctrl+S
first_steps=
faq=
cl_options=
check_updates=
show_config=
about_qt=
about_smplayer=
facebook=
twitter=
gmail=
hotmail=
yahoo=
play_next=>
play_prev=<
move_up=Alt+Up
move_down=Alt+Down
move_left=Alt+Left
move_right=Alt+Right
inc_zoom=E
dec_zoom=W
reset_zoom=Shift+E
auto_zoom=Shift+W
zoom_169=Shift+A
zoom_235=Shift+S
exit_fullscreen=Esc
next_osd=O
dec_contrast=1
inc_contrast=2
dec_brightness=3
inc_brightness=4
dec_hue=5
inc_hue=6
dec_saturation=7
inc_saturation=8
dec_gamma=
inc_gamma=
next_video=
next_audio=K
next_subtitle=J
next_chapter=@@
prev_chapter=!
toggle_double_size=Ctrl+D
reset_video_equalizer=
reset_audio_equalizer=
show_context_menu=
next_aspect=A
next_wheel_function=
show_filename=Shift+I
toggle_deinterlacing=D
osd_none=
osd_seek=
osd_timer=
osd_total=
denoise_none=
denoise_normal=
denoise_soft=
unsharp_off=
blur=
sharpen=
size_50=
size_75=
size_100=Ctrl+1
size_125=
size_150=
size_175=
size_200=Ctrl+2
size_300=
size_400=
deinterlace_none=
deinterlace_l5=
deinterlace_yadif0=
deinterlace_yadif1=
deinterlace_lb=
deinterlace_kern=
channels_stereo=
channels_surround=
channels_ful51=
channels_ful61=
channels_ful71=
stereo=
left_channel=
right_channel=
mono=
reverse_channels=
aspect_detect=
aspect_1%3A1=
aspect_3%3A2=
aspect_4%3A3=
aspect_5%3A4=
aspect_14%3A9=
aspect_14%3A10=
aspect_16%3A9=
aspect_16%3A10=
aspect_2.35%3A1=
aspect_none=
rotate_none=
rotate_clockwise_flip=
rotate_clockwise=
rotate_counterclockwise=
rotate_counterclockwise_flip=
on_top_always=
on_top_never=
on_top_playing=
toggle_stay_on_top=
cc_none=
cc_ch_1=
cc_ch_2=
cc_ch_3=
cc_ch_4=
sub_fps_none=
sub_fps_23976=
sub_fps_24=
sub_fps_25=
sub_fps_29970=
sub_fps_30=
dvdnav_up=Shift+Up
dvdnav_down=Shift+Down
dvdnav_left=Shift+Left
dvdnav_right=Shift+Right
dvdnav_menu=Shift+Return
dvdnav_select=Return
dvdnav_prev=Shift+Esc
dvdnav_mouse=
disc_menu=
speed_menu=
ab_menu=
videotrack_menu=
videosize_menu=
zoom_menu=
aspect_menu=
deinterlace_menu=
videofilter_menu=
denoise_menu=
unsharp_menu=
rotate_menu=
ontop_menu=
audiotrack_menu=
audiofilter_menu=
audiochannels_menu=
stereomode_menu=
subtitlestrack_menu=
subfps_menu=
closed_captions_menu=
titles_menu=
chapters_menu=
angles_menu=
programtrack_menu=
osd_menu=
quit=Ctrl+Q
show_tray_icon=
restore\hide=
pl_open=
pl_save=
pl_play=
pl_next=N
pl_prev=P
pl_move_up=
pl_move_down=
pl_repeat=
pl_shuffle=
pl_add_current=
pl_add_files=
pl_add_directory=
pl_add_urls=
pl_remove_selected=
pl_remove_all=
pl_edit=
toggle_video_info=
toggle_frame_counter=
edit_main_toolbar=
edit_control1=
edit_control2=
edit_floating_control=
show_main_toolbar=F5
show_language_toolbar=F6
[%General]
config_version=4
mplayer_bin=mplayer2
driver\vo=xv
driver\audio_output=alsa
use_screenshot=true
screenshot_folder=/home/gentoo/Pictures/smplayer_screenshots
dont_remember_media_settings=false
dont_remember_time_pos=false
audio_lang=
subtitle_lang=
use_direct_rendering=false
use_double_buffer=true
use_soft_video_eq=false
use_slices=false
autoq=6
add_blackborders_on_fullscreen=false
disable_screensaver=true
vdpau_ffh264vdpau=true
vdpau_ffmpeg12vdpau=true
vdpau_ffwmv3vdpau=true
vdpau_ffvc1vdpau=true
vdpau_ffodivxvdpau=false
vdpau_disable_video_filters=true
use_soft_vol=true
softvol_max=110
use_scaletempo=-1
use_hwac3=false
use_audio_equalizer=true
global_volume=true
volume=50
mute=false
autosync=false
autosync_factor=100
use_mc=false
mc_value=0
osd=0
osd_delay=2200
file_settings_method=hash
[drives]
dvd_device=
cdrom_device=/dev/cdrom
vcd_initial_title=2
use_dvdnav=false
[performance]
priority=2
frame_drop=false
hard_frame_drop=false
coreavc=false
h264_skip_loop_filter=1
HD_height=720
fast_audio_change=-1
threads=1
cache_for_files=2048
cache_for_streams=2048
cache_for_dvds=0
cache_for_vcds=1024
cache_for_audiocds=1024
cache_for_tv=3000
[youtube]
quality=22
user_agent=
[subtitles]
font_file=
font_name=
use_fontconfig=false
subcp=ISO-8859-1
use_enca=false
enca_lang=
font_autoscale=1
subfuzziness=1
autoload_sub=true
use_ass_subtitles=true
ass_line_spacing=0
use_forced_subs_only=false
sub_visibility=true
subtitles_on_screenshots=false
use_new_sub_commands=-1
change_sub_scale_should_restart=-1
fast_load_sub=true
styles\fontname=Arial
styles\fontsize=20
styles\primarycolor=4294967295
styles\backcolor=4278190080
styles\outlinecolor=4278190080
styles\bold=false
styles\italic=false
styles\halignment=2
styles\valignment=0
styles\borderstyle=1
styles\outline=1
styles\shadow=2
styles\marginl=20
styles\marginr=20
styles\marginv=8
force_ass_styles=false
user_forced_ass_style=
freetype_support=true
[advanced]
color_key=20202
use_mplayer_window=false
monitor_aspect=
use_idx=false
mplayer_additional_options=
mplayer_additional_video_filters=
mplayer_additional_audio_filters=
log_mplayer=true
verbose_log=false
autosave_mplayer_log=false
mplayer_log_saveto=
log_smplayer=true
log_filter=.*
save_smplayer_log=false
repaint_video_background=false
use_edl_files=true
prefer_ipv4=true
use_short_pathnames=false
change_video_equalizer_on_startup=true
use_pausing_keep_force=true
correct_pts=-1
actions_to_run=
show_tag_in_window_title=true
time_to_kill_mplayer=1000
[gui]
fullscreen=false
start_in_fullscreen=false
compact_mode=false
stay_on_top=0
size_factor=100
resize_method=0
style=
move_when_dragging=false
mouse_left_click_function=dvdnav_mouse
mouse_right_click_function=show_context_menu
mouse_double_click_function=fullscreen
mouse_middle_click_function=mute
mouse_xbutton1_click_function=
mouse_xbutton2_click_function=
mouse_wheel_function=2
wheel_function_cycle=30
wheel_function_seeking_reverse=false
seeking1=10
seeking2=60
seeking3=600
seeking4=30
update_while_seeking=false
time_slider_drag_delay=100
relative_seeking=false
precise_seeking=true
reset_stop=false
language=
iconset=
balloon_count=5
restore_pos_after_fullscreen=false
save_window_size_on_exit=true
close_on_finish=false
default_font=
pause_when_hidden=false
allow_video_movement=false
gui=DefaultGUI
gui_minimum_width=0
default_size=@Size(683 509)
hide_video_window_on_audio_files=true
report_mplayer_crashes=true
reported_mplayer_is_old=false
auto_add_to_playlist=true
add_to_playlist_consecutive_files=false
[tv]
check_channels_conf_on_startup=true
initial_tv_deinterlace=4
last_dvb_channel=
last_tv_channel=
[directories]
latest_dir=/home/gentoo
last_dvd_directory=
save_dirs=true
[defaults]
initial_sub_scale=5
initial_sub_scale_ass=1
initial_volume=40
initial_contrast=0
initial_brightness=0
initial_hue=0
initial_saturation=0
initial_gamma=0
initial_audio_equalizer=0, 0, 0, 0, 0, 0, 0, 0, 0, 0
initial_zoom_factor=1
initial_sub_pos=100
initial_volnorm=false
initial_postprocessing=false
initial_deinterlace=0
initial_audio_channels=2
initial_stereo_mode=0
initial_audio_track=1
initial_subtitle_track=1
[mplayer_info]
mplayer_detected_version=-1
mplayer_user_supplied_version=-1
is_mplayer2=false
mplayer2_detected_version=
[instances]
single_instance_enabled=true
[floating_control]
margin=0
width=70
animated=true
display_in_compact_mode=false
bypass_window_manager=true
[history]
recents=@Invalid()
recents\max_items=10
urls=@Invalid()
urls\max_items=50
[filter_options]
blur=lc:-1.5
deblock=vb/hb
denoise_normal=
denoise_soft=2:1:2
gradfun=
noise=9ah:5ah
sharpen=lc:1.5
volnorm=1
[default_gui]
video_info=false
frame_counter=false
fullscreen_toolbar1_was_visible=false
fullscreen_toolbar2_was_visible=false
compact_toolbar1_was_visible=false
compact_toolbar2_was_visible=false
pos=@Point(0 31)
size=@Size(683 509)
toolbars_state=@ByteArray(\0\0\0\xff\0\0\x12\xc4\xfd\0\0\0\x1\0\0\0\x3\0\0\0\0\0\0\0\0\xfc\x1\0\0\0\x1\xfb\0\0\0\x18\0p\0l\0\x61\0y\0l\0i\0s\0t\0\x64\0o\0\x63\0k\x2\0\0\0\0\0\0\0\0\0\0\0\x64\0\0\0\x1e\0\0\x2\xab\0\0\x1\x88\0\0\0\x4\0\0\0\x4\0\0\0\b\0\0\0\b\xfc\0\0\0\x2\0\0\0\x2\0\0\0\x2\0\0\0\x10\0t\0o\0o\0l\0\x62\0\x61\0r\0\x31\x1\0\0\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\x10\0t\0o\0o\0l\0\x62\0\x61\0r\0\x32\x1\0\0\x1\x9b\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\x3\0\0\0\x2\0\0\0\x1a\0\x63\0o\0n\0t\0r\0o\0l\0w\0i\0\x64\0g\0\x65\0t\x1\0\0\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0$\0\x63\0o\0n\0t\0r\0o\0l\0w\0i\0\x64\0g\0\x65\0t\0_\0m\0i\0n\0i\0\0\0\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\0)
actions\toolbar1=open_file, open_url, favorites_menu, separator, screenshot, separator, show_file_properties, show_playlist, show_tube_browser, separator, show_preferences, separator, play_prev, play_next
actions\controlwidget=play, pause_and_frame_step, stop, separator, rewindbutton_action, timeslider_action, forwardbutton_action, separator, fullscreen, mute, volumeslider_action
actions\controlwidget_mini=play_or_pause, stop, separator, rewind1, timeslider_action, forward1, separator, mute, volumeslider_action
actions\floating_control=play, pause, stop, separator, rewindbutton_action, timeslider_action, forwardbutton_action, separator, fullscreen, mute, volumeslider_action, separator, timelabel_action
actions\toolbar1_version=1
[base_gui_plus]
show_tray_icon=false
mainwindow_visible=true
trayicon_playlist_was_visible=false
widgets_size=0
fullscreen_playlist_was_visible=false
fullscreen_playlist_was_floating=false
compact_playlist_was_visible=false
ignore_playlist_events=false
[playlist]
repeat=false
shuffle=false
auto_get_info=false
recursive_add_directory=false
save_playlist_in_config=true
play_files_from_start=true
automatically_play_next=true
row_spacing=-1
latest_dir=
[playlist_contents]
count=0
current_item=-1
modified=false

15
tools-hardened/desktop/thuser/.config/user-dirs.dirs
View file

@ -1,15 +0,0 @@
# This file is written by xdg-user-dirs-update
# If you want to change or add directories, just edit the line you're
# interested in. All local changes will be retained on the next run
# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
# absolute path. No other format is supported.
#
XDG_DESKTOP_DIR="$HOME/Desktop"
XDG_DOWNLOAD_DIR="$HOME/Downloads"
XDG_TEMPLATES_DIR="$HOME/Templates"
XDG_PUBLICSHARE_DIR="$HOME/Public"
XDG_DOCUMENTS_DIR="$HOME/Documents"
XDG_MUSIC_DIR="$HOME/Music"
XDG_PICTURES_DIR="$HOME/Pictures"
XDG_VIDEOS_DIR="$HOME/Videos"

1
tools-hardened/desktop/thuser/.config/user-dirs.locale
View file

@ -1 +0,0 @@
C

12
tools-hardened/desktop/thuser/.config/xfce4/desktop/icons.screen0-1008x671.rc
View file

@ -1,12 +0,0 @@
[Trash]
row=2
col=0
[File System]
row=1
col=0
[Home]
row=0
col=0

12
tools-hardened/desktop/thuser/.config/xfce4/desktop/icons.screen0-1008x672.rc
View file

@ -1,12 +0,0 @@
[Trash]
row=2
col=0
[File System]
row=1
col=0
[Home]
row=0
col=0

12
tools-hardened/desktop/thuser/.config/xfce4/desktop/icons.screen0-1008x721.rc
View file

@ -1,12 +0,0 @@
[Trash]
row=2
col=0
[File System]
row=1
col=0
[Home]
row=0
col=0

12
tools-hardened/desktop/thuser/.config/xfce4/desktop/icons.screen0-1584x807.rc
View file

@ -1,12 +0,0 @@
[Trash]
row=1
col=0
[File System]
row=0
col=1
[Home]
row=0
col=0

2
tools-hardened/desktop/thuser/.config/xfce4/help.rc
View file

@ -1,2 +0,0 @@
auto-online=false

4
tools-hardened/desktop/thuser/.config/xfce4/helpers.rc
View file

@ -1,4 +0,0 @@
TerminalEmulator=xfce4-terminal
WebBrowser=firefox
MailReader=sylpheed

17
tools-hardened/desktop/thuser/.config/xfce4/panel/cpugraph-12.rc
View file

@ -1,17 +0,0 @@
UpdateInterval=0
TimeScale=0
Size=16
Mode=0
Frame=1
Border=1
Bars=1
TrackedCore=0
Command=xfce4-taskmanager
InTerminal=0
StartupNotification=1
ColorMode=0
Foreground1=#0000ffff0000
Foreground2=#ffff00000000
Foreground3=#00000000ffff
Background=#ffffffffffff

13
tools-hardened/desktop/thuser/.config/xfce4/panel/launcher-10/13679615612.desktop
View file

@ -1,13 +0,0 @@
[Desktop Entry]
Version=1.0
Type=Application
Exec=exo-open --launch FileManager %u
Icon=system-file-manager
StartupNotify=true
Terminal=false
Categories=Utility;X-XFCE;X-Xfce-Toplevel;
OnlyShowIn=XFCE;
X-XFCE-MimeType=x-scheme-handler/file;x-scheme-handler/trash;
Name=File Manager
Comment=Browse the file system
X-XFCE-Source=file:///usr/share/applications/exo-file-manager.desktop

13
tools-hardened/desktop/thuser/.config/xfce4/panel/launcher-16/13679616705.desktop
View file

@ -1,13 +0,0 @@
[Desktop Entry]
Exec=abiword %U
Icon=abiword
Terminal=false
Type=Application
Categories=Office;WordProcessor;GNOME;GTK;X-Red-Hat-Base;
StartupNotify=true
X-Desktop-File-Install-Version=0.9
MimeType=application/x-abiword;text/x-abiword;text/x-xml-abiword;text/plain;application/msword;application/rtf;application/vnd.plain;application/xhtml+xml;text/html;application/x-crossmark;application/docbook+xml;application/x-t602;application/vnd.oasis.opendocument.text;application/vnd.oasis.opendocument.text-template;application/vnd.oasis.opendocument.text-web;application/vnd.sun.xml.writer;application/vnd.stardivision.writer;text/vnd.wap.wml;application/wordperfect6;application/wordperfect5.1;application/vnd.wordperfect;application/x-abicollab;
Name=AbiWord
GenericName=Word Processor
Comment=Compose, edit, and view documents
X-XFCE-Source=file:///usr/share/applications/abiword.desktop

10
tools-hardened/desktop/thuser/.config/xfce4/panel/launcher-17/13954274922.desktop
View file

@ -1,10 +0,0 @@
[Desktop Entry]
Name=Sylpheed
Comment=E-Mail client
Exec=sylpheed
Icon=sylpheed
MimeType=message/rfc822;x-scheme-handler/mailto;
Terminal=false
Type=Application
Categories=GTK;Network;Email;News;
X-XFCE-Source=file:///usr/share/applications/sylpheed.desktop

10
tools-hardened/desktop/thuser/.config/xfce4/panel/launcher-18/13954274581.desktop
View file

@ -1,10 +0,0 @@
[Desktop Entry]
Name=Aurora
Comment=Web Browser
Exec=firefox %U
Icon=aurora
Terminal=false
Type=Application
MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;x-scheme-handler/http;x-scheme-handler/https;
Categories=Network;WebBrowser;
X-XFCE-Source=file:///usr/share/applications/firefox.desktop

15
tools-hardened/desktop/thuser/.config/xfce4/panel/launcher-20/13954275323.desktop
View file

@ -1,15 +0,0 @@
[Desktop Entry]
Version=1.0
Name=VLC media player
GenericName=Media player
Comment=Read, capture, broadcast your multimedia streams
Exec=/usr/bin/vlc %U
TryExec=/usr/bin/vlc
Icon=vlc
Terminal=false
Type=Application
Categories=AudioVideo;Player;Recorder;
MimeType=video/dv;video/mpeg;video/x-mpeg;video/msvideo;video/quicktime;video/x-anim;video/x-avi;video/x-ms-asf;video/x-ms-wmv;video/x-msvideo;video/x-nsv;video/x-flc;video/x-fli;video/x-flv;video/vnd.rn-realvideo;video/mp4;video/mp4v-es;video/mp2t;application/ogg;application/x-ogg;video/x-ogm+ogg;audio/x-vorbis+ogg;application/x-matroska;audio/x-matroska;video/x-matroska;video/webm;audio/webm;audio/x-mp3;audio/x-mpeg;audio/mpeg;audio/x-wav;audio/x-mpegurl;audio/x-scpls;audio/x-m4a;audio/x-ms-asf;audio/x-ms-asx;audio/x-ms-wax;application/vnd.rn-realmedia;audio/x-real-audio;audio/x-pn-realaudio;application/x-flac;audio/x-flac;application/x-shockwave-flash;misc/ultravox;audio/vnd.rn-realaudio;audio/x-pn-aiff;audio/x-pn-au;audio/x-pn-wav;audio/x-pn-windows-acm;image/vnd.rn-realpix;audio/x-pn-realaudio-plugin;application/x-extension-mp4;audio/mp4;audio/amr;audio/amr-wb;x-content/video-vcd;x-content/video-svcd;x-content/video-dvd;x-content/audio-cdda;x-content/audio-player;application/xspf+xml;x-scheme-handler/mms;x-scheme-handler/rtmp;x-scheme-handler/rtsp;
X-KDE-Protocols=ftp,http,https,mms,rtmp,rtsp,sftp,smb
Keywords=Player;Capture;DVD;Audio;Video;Server;Broadcast;
X-XFCE-Source=file:///usr/share/applications/vlc.desktop

10
tools-hardened/desktop/thuser/.config/xfce4/panel/launcher-21/136796182710.desktop
View file

@ -1,10 +0,0 @@
[Desktop Entry]
Name=HexChat IRC
Comment=Chat with other people using Internet Relay Chat
Exec=hexchat
Icon=hexchat
Terminal=false
Type=Application
Categories=Network;
StartupNotify=true
X-XFCE-Source=file:///usr/share/applications/hexchat.desktop

14
tools-hardened/desktop/thuser/.config/xfce4/panel/launcher-22/13954275454.desktop
View file

@ -1,14 +0,0 @@
[Desktop Entry]
Version=1.0
Name=Ristretto Image Viewer
Comment=Look at your images easily
GenericName=Image Viewer
Exec=ristretto %F
Icon=ristretto
Terminal=false
Type=Application
X-MultipleArgs=false
Categories=GTK;Graphics;Viewer;
StartupNotify=true
MimeType=image/png;image/gif;image/jpeg;image/bmp;image/x-pixmap;image/tiff;image/svg+xml;image/x-xpixmap;
X-XFCE-Source=file:///usr/share/applications/ristretto.desktop

12
tools-hardened/desktop/thuser/.config/xfce4/panel/launcher-9/13679615611.desktop
View file

@ -1,12 +0,0 @@
[Desktop Entry]
Version=1.0
Type=Application
Exec=exo-open --launch TerminalEmulator
Icon=utilities-terminal
StartupNotify=true
Terminal=false
Categories=Utility;X-XFCE;X-Xfce-Toplevel;
OnlyShowIn=XFCE;
Name=Terminal Emulator
Comment=Use the command line
X-XFCE-Source=file:///usr/share/applications/exo-terminal-emulator.desktop

22
tools-hardened/desktop/thuser/.config/xfce4/panel/whiskermenu-25.rc
View file

@ -1,22 +0,0 @@
button-title=Applications Menu
button-icon=xfce4-panel-menu
show-button-title=true
show-button-icon=true
launcher-show-name=true
launcher-show-description=true
hover-switch-category=false
category-icon-size=1
item-icon-size=2
load-hierarchy=false
favorites-in-recent=true
display-recent-default=false
position-search-alternate=false
position-commands-alternate=false
command-settings=xfce4-settings-manager
command-lockscreen=xflock4
command-logout=xfce4-session-logout
favorites=exo-terminal-emulator.desktop,exo-file-manager.desktop,exo-mail-reader.desktop,exo-web-browser.desktop
recent=xfce-backdrop-settings.desktop,xfce-wmtweaks-settings.desktop,xfcecomped.desktop,xfce-wm-settings.desktop,Thunar.desktop,exo-mail-reader.desktop,xfce-display-settings.desktop,galculator.desktop,xfce-keyboard-settings.desktop
menu-width=400
menu-height=500

18
tools-hardened/desktop/thuser/.config/xfce4/xfce4-taskmanager.rc
View file

@ -1,18 +0,0 @@
[Settings]
ShowAllProcesses=FALSE
MorePrecision=FALSE
FullCommandLine=FALSE
ShowStatusIcon=TRUE
RefreshRate=750
ColumnUID=FALSE
ColumnPID=TRUE
ColumnPPID=FALSE
ColumnState=FALSE
ColumnVSZ=FALSE
ColumnRSS=TRUE
ColumnCPU=TRUE
ColumnPriority=FALSE
SortColumn=0
SortType=0
WindowWidth=512
WindowHeight=465

30
tools-hardened/desktop/thuser/.config/xfce4/xfconf/xfce-perchannel-xml/displays.xml
View file

@ -1,30 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="displays" version="1.0">
<property name="Default" type="empty">
<property name="HDMI-0" type="string" value="HDMI-0">
<property name="Active" type="bool" value="true"/>
<property name="Resolution" type="string" value="1600x900"/>
<property name="RefreshRate" type="double" value="59.622971"/>
<property name="Rotation" type="int" value="0"/>
<property name="Reflection" type="string" value="0"/>
<property name="Primary" type="bool" value="false"/>
<property name="Position" type="empty">
<property name="X" type="int" value="0"/>
<property name="Y" type="int" value="0"/>
</property>
</property>
<property name="DVI-1" type="string" value="Acer 20&quot;">
<property name="Active" type="bool" value="false"/>
<property name="Resolution" type="string" value="1152x864"/>
<property name="RefreshRate" type="double" value="75.000000"/>
<property name="Rotation" type="int" value="0"/>
<property name="Reflection" type="string" value="0"/>
<property name="Primary" type="bool" value="false"/>
<property name="Position" type="empty">
<property name="X" type="int" value="0"/>
<property name="Y" type="int" value="0"/>
</property>
</property>
</property>
</channel>

7
tools-hardened/desktop/thuser/.config/xfce4/xfconf/xfce-perchannel-xml/keyboards.xml
View file

@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="keyboards" version="1.0">
<property name="Default" type="empty">
<property name="Numlock" type="bool" value="false"/>
</property>
</channel>

9
tools-hardened/desktop/thuser/.config/xfce4/xfconf/xfce-perchannel-xml/ristretto.xml
View file

@ -1,9 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="ristretto" version="1.0">
<property name="window" type="empty">
<property name="navigationbar" type="empty">
<property name="position" type="string" value="left"/>
</property>
</property>
</channel>

6
tools-hardened/desktop/thuser/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
View file

@ -1,6 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="thunar" version="1.0">
<property name="last-view" type="string" value="ThunarIconView"/>
<property name="last-icon-view-zoom-level" type="string" value="THUNAR_ZOOM_LEVEL_NORMAL"/>
</channel>

9
tools-hardened/desktop/thuser/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-appfinder.xml
View file

@ -1,9 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfce4-appfinder" version="1.0">
<property name="last" type="empty">
<property name="window-height" type="int" value="400"/>
<property name="window-width" type="int" value="400"/>
<property name="pane-position" type="int" value="180"/>
</property>
</channel>

41
tools-hardened/desktop/thuser/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml
View file

@ -1,41 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfce4-desktop" version="1.0">
<property name="backdrop" type="empty">
<property name="screen0" type="empty">
<property name="monitor0" type="empty">
<property name="image-path" type="string" value="/usr/share/backgrounds/background.jpg"/>
<property name="last-image" type="string" value="/usr/share/backgrounds/background.jpg"/>
<property name="last-single-image" type="string" value="/usr/share/backgrounds/background.jpg"/>
</property>
<property name="monitor1" type="empty">
<property name="image-path" type="string" value="/usr/share/backgrounds/xfce/xfce-blue.jpg"/>
<property name="last-image" type="string" value="/usr/share/backgrounds/xfce/xfce-blue.jpg"/>
<property name="last-single-image" type="string" value="/usr/share/backgrounds/xfce/xfce-blue.jpg"/>
</property>
</property>
</property>
<property name="desktop-icons" type="empty">
<property name="icon-size" type="uint" value="45"/>
<property name="file-icons" type="empty">
<property name="show-home" type="bool" value="true"/>
<property name="show-filesystem" type="bool" value="true"/>
<property name="show-trash" type="bool" value="true"/>
<property name="show-removable" type="bool" value="false"/>
</property>
<property name="single-click" type="bool" value="false"/>
<property name="style" type="int" value="2"/>
<property name="use-custom-font-size" type="bool" value="false"/>
</property>
<property name="windowlist-menu" type="empty">
<property name="show" type="bool" value="false"/>
<property name="show-workspace-names" type="bool" value="false"/>
<property name="show-submenus" type="bool" value="true"/>
<property name="show-sticky-once" type="bool" value="true"/>
<property name="show-icons" type="bool" value="false"/>
</property>
<property name="desktop-menu" type="empty">
<property name="show" type="bool" value="false"/>
<property name="show-icons" type="bool" value="true"/>
</property>
</channel>

149
tools-hardened/desktop/thuser/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml
View file

@ -1,149 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfce4-keyboard-shortcuts" version="1.0">
<property name="commands" type="empty">
<property name="default" type="empty">
<property name="&lt;Alt&gt;F1" type="empty"/>
<property name="&lt;Alt&gt;F2" type="empty">
<property name="startup-notify" type="empty"/>
</property>
<property name="&lt;Alt&gt;F3" type="empty">
<property name="startup-notify" type="empty"/>
</property>
<property name="&lt;Control&gt;&lt;Alt&gt;Delete" type="empty"/>
<property name="XF86Display" type="empty"/>
<property name="&lt;Super&gt;p" type="empty"/>
<property name="&lt;Control&gt;Escape" type="empty"/>
<property name="XF86WWW" type="empty"/>
<property name="XF86Mail" type="empty"/>
</property>
<property name="custom" type="empty">
<property name="&lt;Control&gt;Escape" type="string" value="xfdesktop --menu"/>
<property name="&lt;Alt&gt;F2" type="string" value="xfce4-appfinder --collapsed"/>
<property name="&lt;Alt&gt;F3" type="string" value="xfce4-appfinder"/>
<property name="&lt;Alt&gt;F1" type="string" value="xfce4-popup-applicationsmenu"/>
<property name="&lt;Control&gt;&lt;Alt&gt;Delete" type="string" value="xflock4"/>
<property name="XF86Mail" type="string" value="exo-open --launch MailReader"/>
<property name="XF86Display" type="string" value="xfce4-display-settings --minimal"/>
<property name="XF86WWW" type="string" value="exo-open --launch WebBrowser"/>
<property name="&lt;Super&gt;p" type="string" value="xfce4-display-settings --minimal"/>
<property name="override" type="bool" value="true"/>
<property name="&lt;Primary&gt;&lt;Alt&gt;t" type="string" value="xfce4-terminal"/>
</property>
</property>
<property name="xfwm4" type="empty">
<property name="default" type="empty">
<property name="&lt;Alt&gt;Insert" type="empty"/>
<property name="Escape" type="empty"/>
<property name="Left" type="empty"/>
<property name="Right" type="empty"/>
<property name="Up" type="empty"/>
<property name="Down" type="empty"/>
<property name="&lt;Alt&gt;Tab" type="empty"/>
<property name="&lt;Alt&gt;&lt;Shift&gt;Tab" type="empty"/>
<property name="&lt;Alt&gt;Delete" type="empty"/>
<property name="&lt;Control&gt;&lt;Alt&gt;Down" type="empty"/>
<property name="&lt;Control&gt;&lt;Alt&gt;Left" type="empty"/>
<property name="&lt;Shift&gt;&lt;Alt&gt;Page_Down" type="empty"/>
<property name="&lt;Alt&gt;F4" type="empty"/>
<property name="&lt;Alt&gt;F6" type="empty"/>
<property name="&lt;Alt&gt;F7" type="empty"/>
<property name="&lt;Alt&gt;F8" type="empty"/>
<property name="&lt;Alt&gt;F9" type="empty"/>
<property name="&lt;Alt&gt;F10" type="empty"/>
<property name="&lt;Alt&gt;F11" type="empty"/>
<property name="&lt;Alt&gt;F12" type="empty"/>
<property name="&lt;Control&gt;&lt;Shift&gt;&lt;Alt&gt;Left" type="empty"/>
<property name="&lt;Alt&gt;&lt;Control&gt;End" type="empty"/>
<property name="&lt;Alt&gt;&lt;Control&gt;Home" type="empty"/>
<property name="&lt;Control&gt;&lt;Shift&gt;&lt;Alt&gt;Right" type="empty"/>
<property name="&lt;Control&gt;&lt;Shift&gt;&lt;Alt&gt;Up" type="empty"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_1" type="empty"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_2" type="empty"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_3" type="empty"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_4" type="empty"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_5" type="empty"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_6" type="empty"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_7" type="empty"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_8" type="empty"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_9" type="empty"/>
<property name="&lt;Alt&gt;space" type="empty"/>
<property name="&lt;Shift&gt;&lt;Alt&gt;Page_Up" type="empty"/>
<property name="&lt;Control&gt;&lt;Alt&gt;Right" type="empty"/>
<property name="&lt;Control&gt;&lt;Alt&gt;d" type="empty"/>
<property name="&lt;Control&gt;&lt;Alt&gt;Up" type="empty"/>
<property name="&lt;Super&gt;Tab" type="empty"/>
<property name="&lt;Control&gt;F1" type="empty"/>
<property name="&lt;Control&gt;F2" type="empty"/>
<property name="&lt;Control&gt;F3" type="empty"/>
<property name="&lt;Control&gt;F4" type="empty"/>
<property name="&lt;Control&gt;F5" type="empty"/>
<property name="&lt;Control&gt;F6" type="empty"/>
<property name="&lt;Control&gt;F7" type="empty"/>
<property name="&lt;Control&gt;F8" type="empty"/>
<property name="&lt;Control&gt;F9" type="empty"/>
<property name="&lt;Control&gt;F10" type="empty"/>
<property name="&lt;Control&gt;F11" type="empty"/>
<property name="&lt;Control&gt;F12" type="empty"/>
</property>
<property name="custom" type="empty">
<property name="&lt;Control&gt;F3" type="string" value="workspace_3_key"/>
<property name="&lt;Control&gt;F4" type="string" value="workspace_4_key"/>
<property name="&lt;Control&gt;F5" type="string" value="workspace_5_key"/>
<property name="&lt;Control&gt;F6" type="string" value="workspace_6_key"/>
<property name="&lt;Control&gt;F7" type="string" value="workspace_7_key"/>
<property name="&lt;Control&gt;F8" type="string" value="workspace_8_key"/>
<property name="&lt;Control&gt;F9" type="string" value="workspace_9_key"/>
<property name="&lt;Alt&gt;Tab" type="string" value="cycle_windows_key"/>
<property name="&lt;Control&gt;&lt;Alt&gt;Right" type="string" value="right_workspace_key"/>
<property name="Left" type="string" value="left_key"/>
<property name="&lt;Control&gt;&lt;Alt&gt;d" type="string" value="show_desktop_key"/>
<property name="&lt;Control&gt;&lt;Shift&gt;&lt;Alt&gt;Left" type="string" value="move_window_left_key"/>
<property name="&lt;Control&gt;&lt;Shift&gt;&lt;Alt&gt;Right" type="string" value="move_window_right_key"/>
<property name="Up" type="string" value="up_key"/>
<property name="&lt;Alt&gt;F4" type="string" value="close_window_key"/>
<property name="&lt;Alt&gt;F6" type="string" value="stick_window_key"/>
<property name="&lt;Control&gt;&lt;Alt&gt;Down" type="string" value="down_workspace_key"/>
<property name="&lt;Alt&gt;F7" type="string" value="move_window_key"/>
<property name="&lt;Alt&gt;F9" type="string" value="hide_window_key"/>
<property name="&lt;Alt&gt;F11" type="string" value="fullscreen_key"/>
<property name="&lt;Alt&gt;F8" type="string" value="resize_window_key"/>
<property name="&lt;Super&gt;Tab" type="string" value="switch_window_key"/>
<property name="Escape" type="string" value="cancel_key"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_1" type="string" value="move_window_workspace_1_key"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_2" type="string" value="move_window_workspace_2_key"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_3" type="string" value="move_window_workspace_3_key"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_4" type="string" value="move_window_workspace_4_key"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_5" type="string" value="move_window_workspace_5_key"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_6" type="string" value="move_window_workspace_6_key"/>
<property name="Down" type="string" value="down_key"/>
<property name="&lt;Control&gt;&lt;Shift&gt;&lt;Alt&gt;Up" type="string" value="move_window_up_key"/>
<property name="&lt;Shift&gt;&lt;Alt&gt;Page_Down" type="string" value="lower_window_key"/>
<property name="&lt;Alt&gt;F12" type="string" value="above_key"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_8" type="string" value="move_window_workspace_8_key"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_9" type="string" value="move_window_workspace_9_key"/>
<property name="Right" type="string" value="right_key"/>
<property name="&lt;Alt&gt;F10" type="string" value="maximize_window_key"/>
<property name="&lt;Control&gt;&lt;Alt&gt;Up" type="string" value="up_workspace_key"/>
<property name="&lt;Control&gt;F10" type="string" value="workspace_10_key"/>
<property name="&lt;Alt&gt;&lt;Control&gt;KP_7" type="string" value="move_window_workspace_7_key"/>
<property name="&lt;Alt&gt;&lt;Control&gt;End" type="string" value="move_window_next_workspace_key"/>
<property name="&lt;Alt&gt;Delete" type="string" value="del_workspace_key"/>
<property name="&lt;Control&gt;&lt;Alt&gt;Left" type="string" value="left_workspace_key"/>
<property name="&lt;Control&gt;F12" type="string" value="workspace_12_key"/>
<property name="&lt;Alt&gt;space" type="string" value="popup_menu_key"/>
<property name="&lt;Alt&gt;&lt;Shift&gt;Tab" type="string" value="cycle_reverse_windows_key"/>
<property name="&lt;Shift&gt;&lt;Alt&gt;Page_Up" type="string" value="raise_window_key"/>
<property name="&lt;Alt&gt;Insert" type="string" value="add_workspace_key"/>
<property name="&lt;Alt&gt;&lt;Control&gt;Home" type="string" value="move_window_prev_workspace_key"/>
<property name="&lt;Control&gt;F2" type="string" value="workspace_2_key"/>
<property name="&lt;Control&gt;F1" type="string" value="workspace_1_key"/>
<property name="&lt;Control&gt;F11" type="string" value="workspace_11_key"/>
<property name="override" type="bool" value="true"/>
</property>
</property>
<property name="providers" type="array">
<value type="string" value="xfwm4"/>
<value type="string" value="commands"/>
</property>
</channel>

25
tools-hardened/desktop/thuser/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
View file

@ -1,25 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfce4-mixer" version="1.0">
<property name="volume-step-size" type="uint" value="5"/>
<property name="active-card" type="string" value="HDAIntelAlsamixer"/>
<property name="sound-card" type="string" value="LogitechUSBHeadsetH540Alsamixer"/>
<property name="sound-cards" type="empty">
<property name="HDAIntelAlsamixer" type="array">
<value type="string" value="IEC958 Default PCM"/>
<value type="string" value="PCM"/>
<value type="string" value="Speaker"/>
<value type="string" value="Headphone"/>
<value type="string" value="Master"/>
</property>
<property name="PlaybackDummyOutputPulseAudioMixer" type="array">
<value type="string" value="Master"/>
</property>
<property name="LogitechUSBHeadsetH540Alsamixer" type="array">
<value type="string" value="Microphone"/>
<value type="string" value="Headphone"/>
</property>
</property>
<property name="window-height" type="int" value="468"/>
<property name="window-width" type="int" value="601"/>
</channel>

166
tools-hardened/desktop/thuser/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml
View file

@ -1,166 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfce4-panel" version="1.0">
<property name="configver" type="int" value="2"/>
<property name="panels" type="array">
<value type="int" value="1"/>
<value type="int" value="2"/>
<property name="panel-1" type="empty">
<property name="position" type="string" value="p=6;x=0;y=0"/>
<property name="length" type="uint" value="100"/>
<property name="position-locked" type="bool" value="true"/>
<property name="size" type="uint" value="30"/>
<property name="plugin-ids" type="array">
<value type="int" value="25"/>
<value type="int" value="11"/>
<value type="int" value="3"/>
<value type="int" value="15"/>
<value type="int" value="19"/>
<value type="int" value="12"/>
<value type="int" value="4"/>
<value type="int" value="24"/>
<value type="int" value="5"/>
<value type="int" value="6"/>
<value type="int" value="2"/>
</property>
<property name="background-style" type="uint" value="0"/>
<property name="background-color" type="array">
<value type="uint" value="60005"/>
<value type="uint" value="2359"/>
<value type="uint" value="2359"/>
<value type="uint" value="65535"/>
</property>
</property>
<property name="panel-2" type="empty">
<property name="position" type="string" value="p=10;x=0;y=0"/>
<property name="position-locked" type="bool" value="true"/>
<property name="plugin-ids" type="array">
<value type="int" value="7"/>
<value type="int" value="8"/>
<value type="int" value="9"/>
<value type="int" value="10"/>
<value type="int" value="18"/>
<value type="int" value="17"/>
<value type="int" value="16"/>
<value type="int" value="20"/>
<value type="int" value="22"/>
<value type="int" value="21"/>
<value type="int" value="13"/>
<value type="int" value="14"/>
<value type="int" value="23"/>
</property>
<property name="background-style" type="uint" value="0"/>
<property name="background-color" type="array">
<value type="uint" value="5652"/>
<value type="uint" value="42812"/>
<value type="uint" value="51826"/>
<value type="uint" value="65535"/>
</property>
<property name="autohide" type="bool" value="false"/>
<property name="disable-struts" type="bool" value="false"/>
<property name="mode" type="uint" value="0"/>
<property name="size" type="uint" value="45"/>
<property name="nrows" type="uint" value="1"/>
<property name="length" type="uint" value="1"/>
</property>
</property>
<property name="plugins" type="empty">
<property name="plugin-2" type="string" value="actions">
<property name="items" type="array">
<value type="string" value="+lock-screen"/>
<value type="string" value="-switch-user"/>
<value type="string" value="+separator"/>
<value type="string" value="-suspend"/>
<value type="string" value="-hibernate"/>
<value type="string" value="-separator"/>
<value type="string" value="+shutdown"/>
<value type="string" value="-restart"/>
<value type="string" value="+separator"/>
<value type="string" value="+logout"/>
<value type="string" value="-logout-dialog"/>
</property>
</property>
<property name="plugin-3" type="string" value="tasklist"/>
<property name="plugin-15" type="string" value="separator">
<property name="expand" type="bool" value="true"/>
<property name="style" type="uint" value="0"/>
</property>
<property name="plugin-4" type="string" value="pager"/>
<property name="plugin-5" type="string" value="clock"/>
<property name="plugin-6" type="string" value="systray">
<property name="names-visible" type="array">
<value type="string" value="sylpheed"/>
<value type="string" value="vlc"/>
<value type="string" value="task manager"/>
<value type="string" value="thunar"/>
</property>
</property>
<property name="plugin-7" type="string" value="showdesktop"/>
<property name="plugin-8" type="string" value="separator">
<property name="style" type="uint" value="1"/>
</property>
<property name="plugin-9" type="string" value="launcher">
<property name="items" type="array">
<value type="string" value="13679615611.desktop"/>
</property>
</property>
<property name="plugin-10" type="string" value="launcher">
<property name="items" type="array">
<value type="string" value="13679615612.desktop"/>
</property>
</property>
<property name="plugin-13" type="string" value="separator">
<property name="style" type="uint" value="1"/>
</property>
<property name="plugin-14" type="string" value="directorymenu">
<property name="base-directory" type="string" value="/home/gentoo"/>
</property>
<property name="plugin-16" type="string" value="launcher">
<property name="items" type="array">
<value type="string" value="13679616705.desktop"/>
</property>
</property>
<property name="plugin-17" type="string" value="launcher">
<property name="items" type="array">
<value type="string" value="13954274922.desktop"/>
</property>
</property>
<property name="plugin-18" type="string" value="launcher">
<property name="items" type="array">
<value type="string" value="13954274581.desktop"/>
</property>
</property>
<property name="plugin-20" type="string" value="launcher">
<property name="items" type="array">
<value type="string" value="13954275323.desktop"/>
</property>
</property>
<property name="plugin-21" type="string" value="launcher">
<property name="items" type="array">
<value type="string" value="136796182710.desktop"/>
</property>
</property>
<property name="plugin-22" type="string" value="launcher">
<property name="items" type="array">
<value type="string" value="13954275454.desktop"/>
</property>
</property>
<property name="plugin-23" type="string" value="thunar-tpa"/>
<property name="plugin-11" type="string" value="places">
<property name="show-button-type" type="int" value="1"/>
<property name="button-label" type="string" value=" Places"/>
<property name="mount-open-volumes" type="bool" value="true"/>
</property>
<property name="plugin-24" type="string" value="mixer">
<property name="sound-card" type="string" value="HDAATISBAlsamixer"/>
<property name="track" type="string" value="Master"/>
<property name="command" type="string" value="xfce4-mixer"/>
<property name="enable-keyboard-shortcuts" type="bool" value="true"/>
</property>
<property name="plugin-25" type="string" value="whiskermenu"/>
<property name="plugin-12" type="string" value="cpugraph"/>
<property name="plugin-19" type="string" value="separator">
<property name="style" type="uint" value="2"/>
</property>
</property>
</channel>

28
tools-hardened/desktop/thuser/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml
View file

@ -1,28 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfce4-session" version="1.0">
<property name="general" type="empty">
<property name="FailsafeSessionName" type="empty"/>
<property name="SessionName" type="string" value="Default"/>
<property name="SaveOnExit" type="bool" value="false"/>
</property>
<property name="sessions" type="empty">
<property name="Failsafe" type="empty">
<property name="IsFailsafe" type="empty"/>
<property name="Count" type="empty"/>
<property name="Client0_Command" type="empty"/>
<property name="Client0_PerScreen" type="empty"/>
<property name="Client1_Command" type="empty"/>
<property name="Client1_PerScreen" type="empty"/>
<property name="Client2_Command" type="empty"/>
<property name="Client2_PerScreen" type="empty"/>
<property name="Client3_Command" type="empty"/>
<property name="Client3_PerScreen" type="empty"/>
<property name="Client4_Command" type="empty"/>
<property name="Client4_PerScreen" type="empty"/>
</property>
</property>
<property name="splash" type="empty">
<property name="Engine" type="empty"/>
</property>
</channel>

82
tools-hardened/desktop/thuser/.config/xfce4/xfconf/xfce-perchannel-xml/xfwm4.xml
View file

@ -1,82 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfwm4" version="1.0">
<property name="general" type="empty">
<property name="activate_action" type="string" value="bring"/>
<property name="borderless_maximize" type="bool" value="true"/>
<property name="box_move" type="bool" value="false"/>
<property name="box_resize" type="bool" value="false"/>
<property name="button_layout" type="string" value="O|SHMC"/>
<property name="button_offset" type="int" value="0"/>
<property name="button_spacing" type="int" value="0"/>
<property name="click_to_focus" type="bool" value="true"/>
<property name="focus_delay" type="int" value="250"/>
<property name="cycle_apps_only" type="bool" value="false"/>
<property name="cycle_draw_frame" type="bool" value="true"/>
<property name="cycle_hidden" type="bool" value="true"/>
<property name="cycle_minimum" type="bool" value="true"/>
<property name="cycle_workspaces" type="bool" value="false"/>
<property name="double_click_time" type="int" value="250"/>
<property name="double_click_distance" type="int" value="5"/>
<property name="double_click_action" type="string" value="maximize"/>
<property name="easy_click" type="string" value="Alt"/>
<property name="focus_hint" type="bool" value="true"/>
<property name="focus_new" type="bool" value="true"/>
<property name="frame_opacity" type="int" value="100"/>
<property name="full_width_title" type="bool" value="true"/>
<property name="inactive_opacity" type="int" value="100"/>
<property name="maximized_offset" type="int" value="0"/>
<property name="move_opacity" type="int" value="100"/>
<property name="placement_ratio" type="int" value="20"/>
<property name="placement_mode" type="string" value="center"/>
<property name="popup_opacity" type="int" value="100"/>
<property name="mousewheel_rollup" type="bool" value="true"/>
<property name="prevent_focus_stealing" type="bool" value="false"/>
<property name="raise_delay" type="int" value="250"/>
<property name="raise_on_click" type="bool" value="true"/>
<property name="raise_on_focus" type="bool" value="false"/>
<property name="raise_with_any_button" type="bool" value="true"/>
<property name="repeat_urgent_blink" type="bool" value="false"/>
<property name="resize_opacity" type="int" value="100"/>
<property name="restore_on_move" type="bool" value="true"/>
<property name="scroll_workspaces" type="bool" value="true"/>
<property name="shadow_delta_height" type="int" value="0"/>
<property name="shadow_delta_width" type="int" value="0"/>
<property name="shadow_delta_x" type="int" value="0"/>
<property name="shadow_delta_y" type="int" value="-3"/>
<property name="shadow_opacity" type="int" value="50"/>
<property name="show_app_icon" type="bool" value="false"/>
<property name="show_dock_shadow" type="bool" value="true"/>
<property name="show_frame_shadow" type="bool" value="false"/>
<property name="show_popup_shadow" type="bool" value="false"/>
<property name="snap_resist" type="bool" value="false"/>
<property name="snap_to_border" type="bool" value="true"/>
<property name="snap_to_windows" type="bool" value="false"/>
<property name="snap_width" type="int" value="10"/>
<property name="theme" type="string" value="Default"/>
<property name="tile_on_move" type="bool" value="true"/>
<property name="title_alignment" type="string" value="center"/>
<property name="title_font" type="string" value="Sans Bold 9"/>
<property name="title_horizontal_offset" type="int" value="0"/>
<property name="title_shadow_active" type="string" value="false"/>
<property name="title_shadow_inactive" type="string" value="false"/>
<property name="title_vertical_offset_active" type="int" value="0"/>
<property name="title_vertical_offset_inactive" type="int" value="0"/>
<property name="toggle_workspaces" type="bool" value="false"/>
<property name="unredirect_overlays" type="bool" value="true"/>
<property name="urgent_blink" type="bool" value="false"/>
<property name="use_compositing" type="bool" value="true"/>
<property name="workspace_count" type="int" value="4"/>
<property name="workspace_names" type="array">
<value type="string" value="Workspace 1"/>
<value type="string" value="Workspace 2"/>
<value type="string" value="Workspace 3"/>
<value type="string" value="Workspace 4"/>
</property>
<property name="wrap_cycle" type="bool" value="true"/>
<property name="wrap_layout" type="bool" value="true"/>
<property name="wrap_resistance" type="int" value="10"/>
<property name="wrap_windows" type="bool" value="true"/>
<property name="wrap_workspaces" type="bool" value="false"/>
</property>
</channel>

40
tools-hardened/desktop/thuser/.config/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml
View file

@ -1,40 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xsettings" version="1.0">
<property name="Net" type="empty">
<property name="ThemeName" type="string" value="Xfce-dusk"/>
<property name="IconThemeName" type="empty"/>
<property name="DoubleClickTime" type="empty"/>
<property name="DoubleClickDistance" type="empty"/>
<property name="DndDragThreshold" type="empty"/>
<property name="CursorBlink" type="empty"/>
<property name="CursorBlinkTime" type="empty"/>
<property name="SoundThemeName" type="empty"/>
<property name="EnableEventSounds" type="empty"/>
<property name="EnableInputFeedbackSounds" type="empty"/>
</property>
<property name="Xft" type="empty">
<property name="DPI" type="empty"/>
<property name="Antialias" type="empty"/>
<property name="Hinting" type="empty"/>
<property name="HintStyle" type="empty"/>
<property name="RGBA" type="empty"/>
</property>
<property name="Gtk" type="empty">
<property name="CanChangeAccels" type="empty"/>
<property name="ColorPalette" type="empty"/>
<property name="FontName" type="empty"/>
<property name="IconSizes" type="empty"/>
<property name="KeyThemeName" type="empty"/>
<property name="ToolbarStyle" type="empty"/>
<property name="ToolbarIconSize" type="empty"/>
<property name="IMPreeditStyle" type="empty"/>
<property name="IMStatusStyle" type="empty"/>
<property name="MenuImages" type="empty"/>
<property name="ButtonImages" type="empty"/>
<property name="MenuBarAccel" type="empty"/>
<property name="CursorThemeName" type="empty"/>
<property name="CursorThemeSize" type="empty"/>
<property name="IMModule" type="empty"/>
</property>
</channel>

15
tools-hardened/desktop/thuser/.gtkrc-2.0
View file

@ -1,15 +0,0 @@
style "xfdesktop-icon-view" {
XfdesktopIconView::label-alpha = 0
XfdesktopIconView::cell-spacing = 2
XfdesktopIconView::cell-padding = 2
XfdesktopIconView::cell-text-width-proportion = 1.8
}
widget_class "*XfdesktopIconView*" style "xfdesktop-icon-view"
style "panel-icon-fix" {
xthickness = 0
ythickness = 0
}
widget "*Xfce*Panel*Button*" style "panel-icon-fix"
class "*Xfce*Panel*Button*" style "panel-icon-fix"

3
tools-hardened/desktop/thuser/.xinitrc
View file

@ -1,3 +0,0 @@
#/bin/bash -l
/usr/bin/gnome-session

13
tools-hardened/desktop/toolchain.sh
View file

@ -1,13 +0,0 @@
#!/bin/bash -l
kernel_dir="/usr/src/linux-tinhat"
source /etc/profile
env-update
KERNEL_DIR="${kernel_dir}" emerge -1q binutils
source /etc/profile
env-update
KERNEL_DIR="${kernel_dir}" emerge -1q gcc
source /etc/profile
env-update
KERNEL_DIR="${kernel_dir}" emerge -1q glibc

Some files were not shown because too many files have changed in this diff Show more