Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Discussions about the Application Boundaries Enforcer (ABE) module
ruy.benton
Junior Member
Posts: 21
Joined: Sat Aug 29, 2015 6:01 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by ruy.benton » Thu Sep 03, 2015 10:51 pm

Thrawn wrote:ABE is specifically for filtering HTTP requests. It's a web firewall, not a general-purpose one. FTP is out of scope

:( Let's search for another option

Thank you


barbaz wrote:And I missed yet another detail in the rule...

Site ^(?:[0-9A-Za-z-]+tps?|wss?)://[^/:]+[/:].*\.(?:exe|bat|dll|sh|dmg|cmd|cpl|lnk|pif|scr|vbs|vbe|vb|ws|wsc|wsf|msi|reg|jse|bas|chm|scf|sct|com)(?:[^0-9A-Za-z/].*)?$
Deny INC

Apparently there is also a "ws" protocol that communicates with Internet...


Thanks


barbaz wrote:Yep. (Well, had to dual boot anyway, but using Lubuntu as my main OS.) I'd rather not get into the details of why here.
(see viewtopic.php?p=74942#p74942 for some of it)


Ubuntu sends some info ... uninstall Amazon ... and it connects to geo.ubuntu.com
I can guide you to disable all that ...
RedHAT and Fedora much NSA :lol:


barbaz wrote:...
Oddly I didn't have very much better luck even starting with a pre-built VM that already had a desktop environment (again, I could use it "as-is" but getting other software onto it was still a problem.)
Any advice for me for next time I decide to try it again?


Yep, no problem ... I test on my side


ruy.benton wrote:Nooooooo ... you sug. Sandbox ...

"I would like a plugin, to alert Firefox -> write files in the system.
I can use lsof ... but lots of work"

barbaz wrote:Well a sandbox will know everything that's written through it... so am I misunderstanding what you're wondering about?


I need only the info ... the path it writes ... but I can't find it.

And for full protection KVM linux, XEN, Virtualbox, OpenVZ ... for ex.

barbaz wrote:https://l3net.wordpress.com/projects/firejail/
This link looks very interesting to me for a number of reasons. Thanks! :)


I can send more ... other subjects :lol:

Kind Regards,
Ruy
FreeBSD, OpenBSD, NetBSD, Solaris, Linux Administrator
IBM Mainframe
MacOSX
Cisco
Hacker, Cracker - 680XX,
Data Recover - Disks, Tapes
Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0

barbaz
Senior Member
Posts: 9788
Joined: Sat Aug 03, 2013 5:45 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by barbaz » Thu Sep 03, 2015 11:19 pm

ruy.benton wrote:Ubuntu sends some info ... uninstall Amazon ... and it connects to geo.ubuntu.com
I can guide you to disable all that ...

Thanks, but I think I'm good there. This is part of the reason I'm using *L*ubuntu and not Ubuntu.
In Ubuntu 14.04 I could only partially remove that stuff, but I think I was able to remove it all in a Ubuntu 15.04 VM. Lubuntu (at least the 14.04.1 ISOs) doesn't come with any of it.
(And I don't especially care for the versions of Unity for Ubuntu > 12.04.x anyway.)
*Always* check the changelogs BEFORE updating that important software!

Post by ruy.benton » Fri Sep 04, 2015 9:57 pm

barbaz wrote:Thanks, but I think I'm good there. This is part of the reason I'm using *L*ubuntu and not Ubuntu.
In Ubuntu 14.04 I could only partially remove that stuff, but I think I was able to remove it all in a Ubuntu 15.04 VM. Lubuntu (at least the 14.04.1 ISOs) doesn't come with any of it.
(And I don't especially care for the versions of Unity for Ubuntu > 12.04.x anyway.)


You can test with "netstat -a" or "netstat -an" and see if there is a conn. when you enable the wifi or ether.
It's immediate after enable.

The other problem is search ... files, msg ... doesn't matter ... it sends to some hosts ... disable in System Settings.

Thank you for your comments and prompt reply

Ruy

Post by barbaz » Fri Sep 04, 2015 10:25 pm

ruy.benton wrote:You can test with "netstat -a" or "netstat -an" and see if there is a conn. when you enable the wifi or ether.
It's immediate after enable.

All the connections that I see are ones that I initiated.

ruy.benton wrote:The other problem is search ... files, msg ... doesn't matter ... it sends to some hosts ... disable in System Settings.

I just went through & deinstalled the online scopes, is that not enough?

Post by ruy.benton » Sun Sep 06, 2015 9:53 pm

barbaz wrote:All the connections that I see are ones that I initiated.

Test 10 ... 15 min or 1 hour interv.

barbaz wrote:I just went through & deinstalled the online scopes, is that not enough?

Ubuntu -> Privacy other OS ... different names.
"Click if you want your history ... " files, png, jpg, odt, pdf

Alert: W$n 10 in last versions ... it's code in Kernel
We de-select and they ( OS ) send.
We need to take other action ... Install software and change some var.

Kind Regards,
Ruy

Post by yes_noscript » Sat Dec 24, 2016 10:39 am

I don't know why, but rule #1 breaks .asc & .sig (PGP) files with NoScript 2.9.5.2rc5.
The funny thing is that opening the file with the browser works, but if I try to save it, an error pops up and in the error console I get this:

Deny INCLUSION on {GET <URL> <<< chrome://browser/content/browser.xul - 1}


#1

Site ^(?:[0-9A-Za-z-]+tps?|wss?)://[^/:]+[/:].*\.(?:exe|bat|dll|sh|dmg|cmd|cpl|lnk|pif|scr|vbs|vbe|vb|ws|wsc|wsf|msi|reg|jse|bas|chm|scf|sct|com)(?:[^0-9A-Za-z/].*)?$
Deny INC


You can test it with:
"https://download.documentfoundation.org/libreoffice/stable/5.2.4/win/x86_64/LibreOffice_5.2.4_Win_x64.msi.asc"
"http://www.palemoon.org/pgp/palemoon-27.0.3.win64.installer.exe.sig"

It looks like it makes a difference if the link is HTTPS or not. HTTPS seems to work, but HTTP does not. :shock:


The spam filter here is strange. I must remove URLs and other stuff.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:3.0) Goanna/20161214 PaleMoon/27.0.3
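
Why the Site pattern of rule #1 matches the two signature-file URLs quoted in the post above, shown as an added example that is not part of any post in this thread: the pattern's last group accepts any character other than a letter, digit or slash after a blocked extension, so `.msi.asc` and `.exe.sig` still match. The example.org URLs are constructed, and evaluating the pattern as a flagless JavaScript RegExp is an assumption.

```javascript
// Added example: which URLs does the Site pattern of rule #1 match, and why?
// Assumption: the pattern behaves like a flagless JavaScript RegExp.
// Only the Site pattern is tested here; how ABE classifies a request
// (inclusion or not) is outside this check.
const EXTENSIONS =
  "exe|bat|dll|sh|dmg|cmd|cpl|lnk|pif|scr|vbs|vbe|vb|ws|wsc|wsf|" +
  "msi|reg|jse|bas|chm|scf|sct|com";

// Same pattern as rule #1, with two capture groups added for reporting:
// group 1 = the extension that hit, group 2 = whatever follows it.
const RULE1 = new RegExp(
  "^(?:[0-9A-Za-z-]+tps?|wss?)://[^/:]+[/:].*\\.(" + EXTENSIONS + ")" +
  "([^0-9A-Za-z/].*)?$"
);

// Returns null when the rule does not apply, else { ext, tail }.
function matchRule1(url) {
  const m = RULE1.exec(url);
  return m ? { ext: m[1], tail: m[2] || "" } : null;
}

// The first two URLs are the ones quoted in the post; the rest are constructed.
const SAMPLES = [
  "https://download.documentfoundation.org/libreoffice/stable/5.2.4/win/x86_64/LibreOffice_5.2.4_Win_x64.msi.asc",
  "http://www.palemoon.org/pgp/palemoon-27.0.3.win64.installer.exe.sig",
  "http://example.org/files/setup.exe",
  "http://example.org/files/setup.exe?v=2",
  "http://example.org/files/setup.exe/info",
  "http://example.org/search?q=example.com",
  "http://example.org/docs/readme.txt",
];

// One line per URL: the extension that hit and what followed it, or "pass".
function report(urls) {
  return urls.map((url) => {
    const hit = matchRule1(url);
    return hit
      ? `MATCH  .${hit.ext} + "${hit.tail}"  ${url}`
      : `pass   ${url}`;
  });
}

console.log(report(SAMPLES).join("\n"));
```

The constructed `search?q=example.com` sample shows that the pattern is not limited to the file name: a listed extension at the end of a query string matches as well.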


Post by barbaz » Sat Dec 24, 2016 5:17 pm

@yes_noscript: known bug viewtopic.php?p=85536#p85536

Post by yes_noscript » Sat Dec 24, 2016 7:50 pm

Thanks.

I add Accept from chrome