Linus Xanoni xanoni

## Google Chrome Extension Watcher.flock
watch prefix "$HOME/Library/Application Support/Google/Chrome/Default/Extensions/" "any" wcxm
allow prefix "$HOME/Library/Application Support/Google/Chrome/Default/Extensions/" "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" r

## detect.sh
#!/bin/bash
echo "Please wait..."

# Look for suspect files
/usr/bin/find -E /Applications -iregex '.*\.app\/(.*\.DS_Store|Icon.{1})$' > /tmp/.suspectfiles

# Check suspect files
appsCounter=0
while read path; do

## main.scpt
# Misc: --start-maximized --disable-save-password-bubble
# Reduce attack surface: --disable-presentation-api --disable-file-system --disable-contextual-search --disable-account-consistency --disable-translate --disable-background-mode --disable-plugins-discovery --disable-webgl --disable-webgl-image-chromium --disable-speech-api --disable-smart-virtual-keyboard --disable-print-preview --disable-password-generation --disable-overlay-scrollbar --disable-offer-upload-credit-cards --disable-ntp-popular-sites --disable-cloud-import --disable-component-cloud-policy --disable-credit-card-scan --disable-bundled-ppapi-flash --disable-java --disable-plugins --disable-ipv6 --disable-people-search --disable-default-apps
# Incognito, sandboxing & security stuff: --incognito --disable-sync --disable-sync-backup --disable-sync-rollback --disable-sync-app-list --disable-sync-types --enable-sandbox --enable-sandbox-logging --isolate-extensions --isolate-sites-for-testing=* --process-per-tab --process-per-site --safe-plugins
#

## destroyfvkeyonstandby.sh
# Precision: Only works on 2012+ Apple computers
sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25

## org.nsa.pf.rules
# Put this file in /etc/pf.anchors/

# Options
set block-policy drop
set fingerprints "/etc/pf.os"
set ruleset-optimization basic
set skip on lo0

# Interfaces
inet_define = "en0"

## torrc-defaults
# Add this in the Tor config file
# Exclude Nodes of all of these countries
# Five Eyes: U.S., Australia, Canada, New Zealand, U.K. (also added France because it's becoming worse than the Five Eyes)
ExcludeExitNodes {us},{au},{ca},{nz},{gb},{fr}
	watch prefix "$HOME/Library/Application Support/Google/Chrome/Default/Extensions/" "any" wcxm
	allow prefix "$HOME/Library/Application Support/Google/Chrome/Default/Extensions/" "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" r
	#!/bin/bash
	echo "Please wait..."

	# Look for suspect files
	/usr/bin/find -E /Applications -iregex '.\.app\/(.\.DS_Store\|Icon.{1})$' > /tmp/.suspectfiles

	# Check suspect files
	appsCounter=0
	while read path; do
	# Misc: --start-maximized --disable-save-password-bubble
	# Reduce attack surface: --disable-presentation-api --disable-file-system --disable-contextual-search --disable-account-consistency --disable-translate --disable-background-mode --disable-plugins-discovery --disable-webgl --disable-webgl-image-chromium --disable-speech-api --disable-smart-virtual-keyboard --disable-print-preview --disable-password-generation --disable-overlay-scrollbar --disable-offer-upload-credit-cards --disable-ntp-popular-sites --disable-cloud-import --disable-component-cloud-policy --disable-credit-card-scan --disable-bundled-ppapi-flash --disable-java --disable-plugins --disable-ipv6 --disable-people-search --disable-default-apps
	# Incognito, sandboxing & security stuff: --incognito --disable-sync --disable-sync-backup --disable-sync-rollback --disable-sync-app-list --disable-sync-types --enable-sandbox --enable-sandbox-logging --isolate-extensions --isolate-sites-for-testing=* --process-per-tab --process-per-site --safe-plugins
	#
	# Precision: Only works on 2012+ Apple computers
	sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25
	# Put this file in /etc/pf.anchors/

	# Options
	set block-policy drop
	set fingerprints "/etc/pf.os"
	set ruleset-optimization basic
	set skip on lo0

	# Interfaces
	inet_define = "en0"
	# Add this in the Tor config file
	# Exclude Nodes of all of these countries
	# Five Eyes: U.S., Australia, Canada, New Zealand, U.K. (also added France because it's becoming worse than the Five Eyes)
	ExcludeExitNodes {us},{au},{ca},{nz},{gb},{fr}