hardened malloc. networking + firewall. json based config.

2026-02-08 12:36:23 -07:00
parent cdb972579a
commit 2770dfc964
46 changed files with 1443 additions and 138 deletions


@@ -0,0 +1,26 @@
{
"created": "2026-01-28T11:11:49-07:00",
"updated": "2026-01-28T11:11:49-07:00",
"name": "allow-always-list-usr-changelog",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "changelogs.ubuntu.com",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}
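Review bot: This allow rule constrains only `dest.host` (`changelogs.ubuntu.com`), so any process, any user and any destination port may reach that host, which is far broader than the name `usr-changelog` implies and than the sibling apt rules that also pin `process.path`, `dest.port` and `user.id`. Presumably the connection came from an apt helper; if so, add list entries such as `{"operand": "process.path", "data": "/usr/lib/apt/methods/http", "type": "simple", "list": null, "sensitive": false}` and a `dest.port` entry for the port that was actually observed, confirmed against the prompt that produced the rule. Every rule in this commit also leaves `"description": ""`; a one-line note per file, e.g. `"description": "apt changelog download"`, records why each always-duration exception exists.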


@@ -0,0 +1,33 @@
{
"created": "2026-01-28T11:10:32-07:00",
"updated": "2026-01-28T11:10:32-07:00",
"name": "allow-always-list-usr-lib-systemd-systemd-resolved-853",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.port",
"data": "853",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/systemd/systemd-resolved",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}
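Review bot: The systemd-resolved rule restricts only `dest.port` 853 and `process.path`, so DNS-over-TLS sessions to any IP are allowed; pinning the resolver with an entry like `{"operand": "dest.ip", "data": "<configured DoT resolver IP>", "type": "simple", "list": null, "sensitive": false}` keeps the rule from also covering a resolver change handed out by DHCP on an untrusted network. Unlike the chronyd rule at L598-637, no `user.id` entry is present; if resolved runs under its own service user on this host, adding it tightens the match. Both values must come from the host's resolved configuration, not from this page.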


@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:12:09-07:00",
"updated": "2026-01-28T11:12:09-07:00",
"name": "allow-always-list-usr-lib-apt-methods-http-brave-browser-apt-release-s3-brave-com-443-42",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "brave-browser-apt-release.s3.brave.com",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "443",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "42",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/apt/methods/http",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:12:05-07:00",
"updated": "2026-01-28T11:12:05-07:00",
"name": "allow-always-list-usr-lib-apt-methods-http-brave-browser-apt-release-s3-brave-com-53-42",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "brave-browser-apt-release.s3.brave.com",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "42",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/apt/methods/http",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:13:04-07:00",
"updated": "2026-01-28T11:13:04-07:00",
"name": "allow-always-list-usr-lib-apt-methods-http-https-tcp-brave-browser-apt-release-s3-brave-com-53-42",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "_https._tcp.brave-browser-apt-release.s3.brave.com",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "42",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/apt/methods/http",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:11:49-07:00",
"updated": "2026-01-28T11:11:49-07:00",
"name": "allow-always-list-usr-lib-apt-methods-http-ubuntu-com-53-42",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "^(|.*\\.)ubuntu\\.com$",
"type": "regexp",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "42",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/apt/methods/http",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:11:57-07:00",
"updated": "2026-01-28T11:11:57-07:00",
"name": "allow-always-list-usr-lib-apt-methods-http-ubuntu-com-80-42",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "^(|.*\\.)ubuntu\\.com$",
"type": "regexp",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "80",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "42",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/apt/methods/http",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,40 @@
{
"created": "2026-02-07T11:02:20-07:00",
"updated": "2026-02-07T11:02:20-07:00",
"name": "allow-always-list-usr-lib-snapd-snapd-api-snapcraft-io-443",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "api.snapcraft.io",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "443",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/snapd/snapd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,40 @@
{
"created": "2026-02-07T11:01:46-07:00",
"updated": "2026-02-07T11:01:46-07:00",
"name": "allow-always-list-usr-lib-snapd-snapd-api-snapcraft-io-53",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "api.snapcraft.io",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/snapd/snapd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,40 @@
{
"created": "2026-02-07T11:02:56-07:00",
"updated": "2026-02-07T11:02:56-07:00",
"name": "allow-always-list-usr-lib-snapd-snapd-dashboard-snapcraft-io-443",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "dashboard.snapcraft.io",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "443",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/snapd/snapd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,40 @@
{
"created": "2026-02-07T11:02:48-07:00",
"updated": "2026-02-07T11:02:48-07:00",
"name": "allow-always-list-usr-lib-snapd-snapd-dashboard-snapcraft-io-53",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "dashboard.snapcraft.io",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/snapd/snapd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,40 @@
{
"created": "2026-02-07T11:02:38-07:00",
"updated": "2026-02-07T11:02:38-07:00",
"name": "allow-always-list-usr-lib-snapd-snapd-snapcraftcontent-com-443",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "^(|.*\\.)snapcraftcontent\\.com$",
"type": "regexp",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "443",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/snapd/snapd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,40 @@
{
"created": "2026-02-07T11:02:28-07:00",
"updated": "2026-02-07T11:02:28-07:00",
"name": "allow-always-list-usr-lib-snapd-snapd-snapcraftcontent-com-53",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "^(|.*\\.)snapcraftcontent\\.com$",
"type": "regexp",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/snapd/snapd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,40 @@
{
"created": "2026-01-28T11:09:37-07:00",
"updated": "2026-01-28T11:09:37-07:00",
"name": "allow-always-list-usr-sbin-chronyd-123",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.port",
"data": "123",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "102",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/sbin/chronyd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,40 @@
{
"created": "2026-01-31T00:30:23-07:00",
"updated": "2026-01-31T00:30:23-07:00",
"name": "allow-always-list-usr-sbin-chronyd-4-ntp-ubuntu-com-53",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "^(|.*\\.)ubuntu\\.com$",
"type": "regexp",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/sbin/chronyd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}
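Review bot: This allow rule (chronyd, `dest.port` 53, regexp `^(|.*\.)ubuntu\.com$`) has exactly the same operator list as the deny rule at L1030-1070 (`deny-always-list-usr-sbin-chronyd-3-ntp-ubuntu-com-53`), with `"precedence": false` on both, so the outcome of a chronyd DNS lookup for any ubuntu.com name depends on the daemon's rule ordering rather than on either rule's intent. The names suggest the two were generated from `4.ntp.ubuntu.com` and `3.ntp.ubuntu.com`, but the regexp collapses both to the whole domain. Drop one of the two, or narrow each `dest.host` to the specific name, e.g. `"data": "4.ntp.ubuntu.com", "type": "simple"`.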


@@ -0,0 +1,33 @@
{
"created": "2026-01-28T11:13:38-07:00",
"updated": "2026-01-28T11:13:38-07:00",
"name": "allow-always-list-usr-sbin-chronyd-4460",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.port",
"data": "4460",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/sbin/chronyd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}
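Review bot: This chronyd rule for `dest.port` 4460 omits the `user.id` entry that the sibling chronyd rule at L598-637 carries (`"data": "102"`), so two rules for the same binary match on different principals, and it also has no `dest.host` or `dest.ip` entry, so the port is open to any destination. If chronyd always runs as uid 102 on this host, add the same `user.id` entry here for consistency; if the 4460 connection is made before chronyd drops privileges, that difference is worth recording in `description`.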


@@ -0,0 +1,40 @@
{
"created": "2026-01-31T00:30:27-07:00",
"updated": "2026-01-31T00:30:27-07:00",
"name": "allow-always-list-usr-sbin-chronyd-ntp-bootstrap-ubuntu-com-53",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "ntp-bootstrap.ubuntu.com",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/sbin/chronyd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:12:41-07:00",
"updated": "2026-01-28T11:12:41-07:00",
"name": "allow-always-list-usr-sbin-networkmanager-connectivity-check-ubuntu-com-80-0",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "connectivity-check.ubuntu.com",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "80",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "0",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/sbin/NetworkManager",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,47 @@
{
"created": "2026-02-01T16:52:56-07:00",
"updated": "2026-02-01T16:52:56-07:00",
"name": "deny-always-list-opt-brave-com-brave-brave-224-0-0-251-5353-1000",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.ip",
"data": "224.0.0.251",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "5353",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "1000",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/opt/brave.com/brave/brave",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,40 @@
{
"created": "2026-01-28T18:26:38-07:00",
"updated": "2026-01-28T18:26:38-07:00",
"name": "deny-always-list-opt-brave-com-brave-brave-239-255-255-250-1900",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.ip",
"data": "239.255.255.250",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "1900",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/opt/brave.com/brave/brave",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,33 @@
{
"created": "2026-01-28T11:12:27-07:00",
"updated": "2026-01-28T11:12:27-07:00",
"name": "deny-always-list-usr-bin-python3-13-239-255-255-250",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.ip",
"data": "239.255.255.250",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/bin/python3.13",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}
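Review bot: `process.path` is pinned to `/usr/bin/python3.13`, so this deny rule silently stops matching as soon as the interpreter is upgraded to another minor version, and the traffic it blocks falls back to whatever the default action is. A regexp entry such as `"data": "^/usr/bin/python3(\\.[0-9]+)?$", "type": "regexp"` (escaped the same way as the ubuntu.com rules) survives upgrades. This rule also has no `dest.port` entry, unlike the other 239.255.255.250 deny rules; if blocking the whole multicast address is intended, say so in `description`.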


@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:31:29-07:00",
"updated": "2026-01-28T11:31:29-07:00",
"name": "deny-always-list-usr-libexec-colord-sane-239-255-255-250-3702-118",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.ip",
"data": "239.255.255.250",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "3702",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "118",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/libexec/colord-sane",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,26 @@
{
"created": "2026-01-28T11:08:56-07:00",
"updated": "2026-01-28T11:08:56-07:00",
"name": "deny-always-list-usr-sbin-avahi-daemon-224-0-0-251-5353",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "process.path",
"data": "/usr/sbin/avahi-daemon",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}
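Review bot: The name `deny-always-list-usr-sbin-avahi-daemon-224-0-0-251-5353` names an mDNS destination, but the operator list contains only `process.path`, so every connection from `/usr/sbin/avahi-daemon`, unicast included, is denied. If blocking all avahi traffic is the intent, the `deny-always-simple-...` form used by the geoclue and cups-browsed rules (a single `simple` operator instead of a one-element `list`) states that plainly; if only mDNS was meant, add the `dest.ip` `224.0.0.251` and `dest.port` `5353` entries as in the brave rule at L818-864.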


@@ -0,0 +1,40 @@
{
"created": "2026-01-28T11:33:02-07:00",
"updated": "2026-01-28T11:33:02-07:00",
"name": "deny-always-list-usr-sbin-chronyd-3-ntp-ubuntu-com-53",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "^(|.*\\.)ubuntu\\.com$",
"type": "regexp",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/sbin/chronyd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}


@@ -0,0 +1,18 @@
{
"created": "2026-01-28T14:32:45-07:00",
"updated": "2026-01-28T14:32:45-07:00",
"name": "deny-always-simple-usr-geoclue",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "process.path",
"data": "/usr/libexec/geoclue",
"type": "simple",
"list": [],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}
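Review bot: This `simple` rule and the one at L1096-1114 serialise `"list": []`, while every other `simple` operator in the commit uses `"list": null`, so the same key carries two types across the rule set; pick one form for all files so a consumer can treat the key uniformly. The name `deny-always-simple-usr-geoclue` also drops the `libexec` segment of `/usr/libexec/geoclue` that the other names keep, which makes the rule harder to locate by name; `deny-always-simple-usr-libexec-geoclue` matches the convention.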


@@ -0,0 +1,18 @@
{
"created": "2026-01-28T14:32:45-07:00",
"updated": "2026-01-28T14:32:45-07:00",
"name": "deny-always-simple-usr-sbin-cups-browsed",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "process.path",
"data": "/usr/sbin/cups-browsed",
"type": "simple",
"list": [],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}