Commit 3a4dbd60 authored by Edvard Rejthar

new ff safebrowsing prefs

parent 7bcad18c
...@@ -34,6 +34,8 @@ user_pref("browser.safebrowsing.provider.google.lastupdatetime", "1486578575144" ...@@ -34,6 +34,8 @@ user_pref("browser.safebrowsing.provider.google.lastupdatetime", "1486578575144"
user_pref("browser.safebrowsing.provider.google.nextupdatetime", "1486580358144"); user_pref("browser.safebrowsing.provider.google.nextupdatetime", "1486580358144");
user_pref("browser.safebrowsing.provider.mozilla.lastupdatetime", "1486578502288"); user_pref("browser.safebrowsing.provider.mozilla.lastupdatetime", "1486578502288");
user_pref("browser.safebrowsing.provider.mozilla.nextupdatetime", "1486582102288"); user_pref("browser.safebrowsing.provider.mozilla.nextupdatetime", "1486582102288");
user_pref("browser.safebrowsing.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.search.countryCode", "CZ"); user_pref("browser.search.countryCode", "CZ");
user_pref("browser.search.region", "CZ"); user_pref("browser.search.region", "CZ");
user_pref("browser.selfsupport.url", ""); user_pref("browser.selfsupport.url", "");
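Review bot: the two added lines, `user_pref("browser.safebrowsing.enabled", false);` and `user_pref("browser.safebrowsing.malware.enabled", false);`, switch Safe Browsing off with no comment saying why or for which profiles. The README gives the intent as "We want no block nor safebrowsing warning" for the scanner's profiles, so a short comment above these lines would make clear that this prefs.js is meant for the crawler profiles only and should not be copied into a profile used for ordinary browsing. The neighbouring `browser.safebrowsing.provider.*.lastupdatetime` and `nextupdatetime` entries look like runtime state written by the browser; consider whether they need to be committed at all.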
......
...@@ -4,9 +4,9 @@ Scans a website for a sign of a parasite hosts or commands. ...@@ -4,9 +4,9 @@ Scans a website for a sign of a parasite hosts or commands.
## Installation ## Installation
* ```git clone git@gitlab.labs.nic.cz:csirt/mdmaug.git /tmp/mdmaug``` 1. ```git clone git@gitlab.labs.nic.cz:csirt/mdmaug.git /tmp/mdmaug```
* edit config.py 2. edit config.py
* ```/tmp/mdmaug/INSTALL``` 3. ```/tmp/mdmaug/INSTALL```
### Notes ### Notes
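Review bot: steps 1 and 3 clone into and then execute from `/tmp/mdmaug`, which is a shared, world-writable and usually non-persistent location. Unless `INSTALL` copies the tree elsewhere (the README does not say), suggest cloning into a directory owned by the installing user and running `INSTALL` from there. Step 2, `edit config.py`, would also be easier to follow if it named the settings that have to be changed before `INSTALL` is run.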
...@@ -18,52 +18,11 @@ Scans a website for a sign of a parasite hosts or commands. ...@@ -18,52 +18,11 @@ Scans a website for a sign of a parasite hosts or commands.
## What is done to Firefox profiles? ## What is done to Firefox profiles?
We want no block nor safebrowsing warning. If you created the profiles manually, you'd use ```firefox -P```, the profiles names being: 0,1... We want no block nor safebrowsing warning. If you created the profiles manually, you'd use ```firefox -P```, the profiles names being: 0,1...
For about:config changes, see prefs.js. IE:
* about:config
* browser.sessionstore.resume_from_crash nastavit na false
* browser.sessionstore.max_resumed_crashes nastavit na -1
* toolkit.startup.max_resumed_crashes = -1 (protoze i kdyz prohlizec nekdy killnu, nesmi me pri spusteni otravovat gui popupem) * toolkit.startup.max_resumed_crashes = -1 (protoze i kdyz prohlizec nekdy killnu, nesmi me pri spusteni otravovat gui popupem)
* network.http.accept-encoding = "" # ukladame streamy, ale neumim je rozzipovat * network.http.accept-encoding = "" # ukladame streamy, ale neumim je rozzipovat
* extensions.autoDisableScopes = "0" # moznost instalovat ze vsech umisteni * extensions.autoDisableScopes = "0" # moznost instalovat ze vsech umisteni
* browser.selfsupport.url = "" # tato moznost normalne v about:config neni, ale omezuje to nejake zbytecnou telemetrii, viz Mozilla Heartbeat * browser.selfsupport.url = "" # tato moznost normalne v about:config neni, ale omezuje to nejake zbytecnou telemetrii, viz Mozilla Heartbeat
* # nepamatovat si historii (Preferences / Privacy / Firefox will use custom settings for history / Clear history when closes / Setting / All) * # nepamatovat si historii (Preferences / Privacy / Firefox will use custom settings for history / Clear history when closes / Setting / All)
* # nejsem si jist, nakolik to funguje, zrejme dost * # nejsem si jist, nakolik to funguje, zrejme dost
* privacy.clearOnShutdown.offlineApps = true * ...
* privacy.clearOnShutdown.passwords = true \ No newline at end of file
* privacy.clearOnShutdown.siteSettings = true
* privacy.sanitize.didShutdownSanitize = true
* privacy.sanitize.sanitizeOnShutdown = true
* privacy.clearOnShutdown.* = true
* network.http.accept-encoding.secure
* ... see prefs.js
## older to be distributed
* mdmaug extension
- cfx xpi vygeneruje 'mdmaug.xpi'
- prejmenuju na zip
- do složky ~/.mozilla/extensions/mdmaug@jetpack (id tvori ještě přídomek @jetpack)
- vkopiruju obsah slozky zipu xpi
## ok; to be deleted
Xhttps://csirt.csirt.office.nic.cz:8000/rest/analyze/atlas.cz -> vsechny odkazy pro MDMko.
XJak se instaluje? Python3. Pip. apt-get nainstaluje Xvfb a pip nainstaluje xvfbwrapper.
XV prohlizeci, kde pojede MDMko, se pro test pripojte na https://172.20.7.10:8000 a pridejte server mezi vyjimky. (Jinak se prohlížeč nepřipojí a python vrátí SSLError - unknown ca.)
Protoze MDM je pres https, je https i MDM-Augmented server. Vykaslal jsem se na certifikat, sam si jej podepsav. Zabte me.
XZabezpecte, aby NoScript neblokoval csirt.csirt.office.nic.cz (ani 172.20.7.10).
Dependencies:
pip3.4 install pymysql ... vono si to řekne
XZabezpecte, aby NoScript neblokoval csirt.csirt.office.nic.cz (ani 172.20.7.10).
Zajistim, ze na systemu bezi Firefox a nastavim mu pocet profilu, jaky chci. Podle toho upravim Config.profileCount.
Lze otestovat, ze firefox prebira z prikazove radky parametry (muze se stat, ze je stane nastaveny zastupce v /usr/bin) pri vytvareni profilu: firefox -P
V prohlizeci, kde pojede MDMko, se pro test pripojte na https://172.20.7.10:8000 a pridejte server mezi vyjimky. (Jinak se prohlížeč nepřipojí a python vrátí SSLError - unknown ca.)
Protoze MDM je pres https, je https i MDM-Augmented server. Vykaslal jsem se na certifikat, sam si jej podepsav. Zabte me.
- chown: FF jede pod uzivatele mdmaug, ne pod rootem. Do Debianu se musi FF stahnout z taru. Pokud nemuze zapisovat do slozky pri vytvoreni profilu, zkusim chown mdmaug:mdmaug pro celou home slozku, nebo alespon chown mdmaug:mdmaug -hR .mozilla
* pozor na prava, kdyztak sudo chown -R mdmaug /home/mdmaug/
\ No newline at end of file
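Review bot: the new pointer line `For about:config changes, see prefs.js. IE:` uses "IE:" where "e.g." seems to be meant, and the bullets kept below it are still in Czech while the rest of the README is in English; translating them would help anyone auditing what the scanner profile turns off. Since the section opens with "We want no block nor safebrowsing warning", this list is also the natural place to name the two safebrowsing prefs this commit adds to prefs.js. The removed "ok; to be deleted" notes contained an internal host name, an internal address and a remark about a self-signed certificate; deleting them from the README leaves them in the repository history, so check whether that matters if the repository is published. The file still ends without a trailing newline.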