OpenSUSE :: How Does Apparmor Block A Bad-program
Jun 10, 2010
depending on reading some apparmor docs, I know that apparmor read logs to determine what profile a program will be, that means a profile only can be built when the program have been exec at least a time, or we already how will be executed of a specific program. but if a hack inserts a bad-program such as a back door or virus what should never be executed any time, and at the same time we don't know what's the consequence will happen due to the behaviors of a bad-program. therefore, how could apparmor do to prevent these situations? Can apparmor confine every thing what under a specific directory by default? because use: aa-autodep /path/to/restrict/* is 'complain' by default and everything are allowed, can apparmor deny everything by default?
View 2 Replies
ADVERTISEMENT
Jun 10, 2010
prohibit execution of any program include shell command, only be profiled program could be executed, can apparmor do that?
View 5 Replies
View Related
Apr 19, 2011
I have a program that generates large amounts of apparmor log messages. I'm happy to enforce restrictions on the program but I really don't want it to fill my log with messages every time it attempts to read a file.
Is there a way to let it enforce restrictions but not log denials?
View 9 Replies
View Related
Jan 15, 2011
Is it possible to create a selinux profile for a program like with Apparmor?
View 4 Replies
View Related
Feb 19, 2010
Set up Novell Apparmor? how to do it.
View 2 Replies
View Related
Jun 2, 2010
recently I am interesting at apparmor, and I have read some docs of it, but I have a question that how to protect apparmor itself? I mean only if gained root privilege then stop apparmor service, all the protection will no longer effect, if I hiding or remove root user then how to remodify profiles if needed that because have not enough privilege.
Is there apparmor maillist? maybe you can email me: <email removed for obvious reasons>
View 2 Replies
View Related
Jul 18, 2010
Here's my problem: Clean OpenSUSE 11.3 64 bit installation using default options into a Virtualbox virtual machine for pre-production testing. I want to check whether AppArmor is enabled, so I enter YaST -> AppArmor Control Panel.
This has a check box named 'Enable AppArmor' which is by default un-checked. I check this box, and then click 'Done'. This takes me back to YaST and I would assume AppArmor has now been enabled. However, when I return to AppArmor Control Panel the check box is deselected again.
View 9 Replies
View Related
Mar 16, 2011
Email alerting from Apparmor profile to gmail is possible, but email cannot be forwarded to other email address
View 1 Replies
View Related
Sep 10, 2011
In case this is a thread in the wrong section please move it to the right one. Following situation applies.I am using openSUSE 11.1 with modified kernel. Code:# uname -aLinux linux-2c5j 3.0.4-41-desktop #1 SMP PREEMPT Sun Sep 4 18:51:01 CEST 2011 i686 i686 i386 GNU/Linux The compilation did run flawlessly with the SAKC script.However the module apparmor does not load. Infact:Code:# modprobe apparmorFATAL: Module apparmor not found. I understand that I have to recompile the module, right? There I have the first question: wasn't the apparmor module accepted into the kernel (and therefore should be already compiled and available with the normal kernel compile)? Or is this wrong. How can I recompile the apparmor module for my new kernel.
View 1 Replies
View Related
Mar 24, 2010
Is there a particular app listed as apparmor, or is it a series of separate programs that act as a whole? if the latter, which programs are these. i just got really lucky with my installation of 11.2, and I'm trying to confirm my success.
View 9 Replies
View Related
Apr 16, 2011
Is recommended to create a profile in apparmor for applications like amule, firefox, thunderbird, amsn ....?
View 7 Replies
View Related
Jun 30, 2011
Does it make sense to run sshd confined/protected by apparmor? I get tons of attack/hack attempts on my ssh port daily, I created a white list on my firewall to specify the IP addresses that can ssh into my network. I was also thinking of activating the sshd profile in apparmor for some added protection?
View 5 Replies
View Related
Nov 13, 2010
Currently the Apparmor program has the notification logs saved to /etc/apparmor/notify.cfg, however, when I try to save the notification after putting my email address in, I get an error saying "Configuration failed for the following operations: Unable to write config changes to /etc/apparmor/notify.cfg"looking inside the folder, I do not see any file named "notify.cfg" BUT I do see so files called reports.conf, logprof.conf, and reports.crontab. I am guessing that the program is asking to save the notification changes to a file that does not exist and in fact one of those three files are the proper ones to use. Well if that is the case then how would I go about fixing this error?
View 4 Replies
View Related
Aug 6, 2010
I have just reinstalled OS 11.2 but this time the 64bit system variant. I installed the real-time kernel and saw that the apparmor module reported an error and wasn't loaded. I have never looked into apparmor and only knows it has something to do with security, and thus I wonder if it is important to do something with this issue? I plan to use the kernel-rt and have more or less always used a variant of this kernel flavour, often self built. Though I can not recall having seen that error before and I have not used a 64bit system before
View 2 Replies
View Related
Oct 14, 2010
I want to block yahoo, skype IM program with a schedule.Just unblock from 10AM - 2PM and 3PM - 5PM everyday.I tried block from router, but it's not block completely and haven't schedule function.I found that a firewall (Iptables and ISA) can do that. Have anything else can? Can anyone give me some advises
View 3 Replies
View Related
Oct 16, 2010
How do you go about getting the raw size of a block device under Linux from within a C program? And I mean the raw size of the block device itself, not a file system that may or may not be installed on it. And I'd like to be able to get the raw size of any block device, from hard drives (e.g., /dev/sda) to LVM partitions (/dev/mapper/vg0-home) to loop devices to anything else that is a Linux block device.
View 3 Replies
View Related
Aug 12, 2010
Is there a program like peer block for ubuntu? It is an ip filter program. Here is the website to help answer questions on what type of program it is. http://www.peerblock.com/
View 6 Replies
View Related
Jun 3, 2011
I open this thread after an unsuccessful long search over the Web. Essentially what I want is to block the outgoing connection of a program. All I know about this program is its name and so I don't have any information regarding the ports it utilizes or the address it may contact.
View 9 Replies
View Related
Apr 15, 2011
I am trying to run C++ program on linux.
My program consume a lot of memory so that the memory is used up fast and memory swap is very high.
I can find this by "ps" .
My program is long.
I need to find out which part of my program consume so much memory ?
View 1 Replies
View Related
Feb 1, 2011
i have recently had a house mate move in and he is using my wireless network, even though i asked him not to give out the network key to his friends either he has or they have hacked my network and are using it when they come over, is there a program i can use to monitor the number of computers that are connected to my network and block them, or is there a way i can just wee what is going on. They seem to just connect and i don't want to have to change the password particularly because that involves changing it on multiple devices.
View 1 Replies
View Related
Apr 15, 2011
I have problems to get it work. i have tried to use pm-utils, but it does nothing.
What is need is to kill application, when pc is going into suspend to ram and run that application again on wake. It's a graphical application.
View 1 Replies
View Related
Aug 19, 2011
How do I block LibreOffice update in opensuse11.3
View 9 Replies
View Related
Apr 8, 2011
I'm getting a pesky add in a page. I can block the images, but then I get
an empty window from them. That is not it, I want to block everything from
them.
http://adserving.cpxadroit.com/*
Is there a way?
They load a flash from their clients, which I have to kill one by one, but
it loads another one.
Perhaps block the name in the DNS?
View 9 Replies
View Related
Apr 17, 2010
how can I block MSN or Myspace IM on opensuse, do I need to modify the firewall configuration file?
View 1 Replies
View Related
Mar 11, 2011
How I can refuse an outgoing connection on opensuse firewall by default outbound policy is permissive, and the p2p I explicitly deny an outgoing, according to protocol, remote port and local port.
But I can add rules as how to run opensuse firewall rules are permissive only for inbound traffic and so I can not specifically deny an outgoing connection.
Before using fwbuilder is very powerful and configurable but now I'm with suse for convenience but want to know if you can do what I want, if not I will have to use fwbuilder.
View 5 Replies
View Related
Nov 2, 2010
Using a terminal shell and entering ls -l, all the files in the user /home/user1 appear with a green block background. The files in /home/user2 have standard Linux colors. What does the green block mean?
View 1 Replies
View Related
Jun 23, 2011
I have big troubles with new mouse. It works properly in all cases except booting. It is really strange but if I restart the system (11.3), There is BIOS hdd detection, GRUB (I choose oS 11.3), after I can see about three text lines for short time and after only black screen. And system is halted.
If I disconnect the mouse, reset PC, choose in GRUB, I can see text lines, immediately there is a graphic screen, connect mouse and it works until next reboot.
View 7 Replies
View Related
Apr 8, 2010
I bought a new HP printer and had to install the latest HPLIP version. I had to compile it and install it from source. In order to avoid interferences with the installed version, I had first removed the installed version. But now Yast wants to re-install this old version with any package installation or upgrade because it sees unresolved dependencies. How can I stop it to add this packages? Or how can I tell Yast that the hplip packages are installed?
View 3 Replies
View Related
Jun 25, 2010
I have a Suse 10.3 router with 4 network cards. 1 is to connect to the big network and thereby also the internet, 2 are for 'client' subnets and I want to use the last one as a DMZ. In this DMZ will be a web server which has to be accessible from the other 2 subnets and from the big network. I could do it with a few simple clicks in Yast firewall, but I have some issues with this firewall and there for I want to use it as minimal as possible, using Iptables.
So now I'm struggling a bit with Iptables. Basicly what I'm looking for is how to block all ports but 80 in this last subnet with iptables.
View 5 Replies
View Related
Dec 6, 2010
I'm trying to block a site for a certain time.How to Block(deny) perticuler website in certain times of the day , by using squid ? and it seemed promising.I added the lines to my squid.conf
acl office_time time MTWHF 3:00-21:00
acl bad url_regex "/etc/squid/block.acl
http_access deny bad !office_time
created a block.acl in the same directory and restarted it.
View 2 Replies
View Related
