recently I am interesting at apparmor, and I have read some docs of it, but I have a question that how to protect apparmor itself? I mean only if gained root privilege then stop apparmor service, all the protection will no longer effect, if I hiding or remove root user then how to remodify profiles if needed that because have not enough privilege.
Is there apparmor maillist? maybe you can email me: <email removed for obvious reasons>
This might sound really stupid, so you'll all have to excuse my lacking knowledge. I read that USB attacks get more and more common, like putting in an USB stick with a malicious autorun script on it, and it's game over. Can AppArmor protect devices and limit their access to the file system?
View 5 Replies View RelatedSet up Novell Apparmor? how to do it.
View 2 Replies View RelatedHere's my problem: Clean OpenSUSE 11.3 64 bit installation using default options into a Virtualbox virtual machine for pre-production testing. I want to check whether AppArmor is enabled, so I enter YaST -> AppArmor Control Panel.
This has a check box named 'Enable AppArmor' which is by default un-checked. I check this box, and then click 'Done'. This takes me back to YaST and I would assume AppArmor has now been enabled. However, when I return to AppArmor Control Panel the check box is deselected again.
depending on reading some apparmor docs, I know that apparmor read logs to determine what profile a program will be, that means a profile only can be built when the program have been exec at least a time, or we already how will be executed of a specific program. but if a hack inserts a bad-program such as a back door or virus what should never be executed any time, and at the same time we don't know what's the consequence will happen due to the behaviors of a bad-program. therefore, how could apparmor do to prevent these situations? Can apparmor confine every thing what under a specific directory by default? because use: aa-autodep /path/to/restrict/* is 'complain' by default and everything are allowed, can apparmor deny everything by default?
View 2 Replies View RelatedEmail alerting from Apparmor profile to gmail is possible, but email cannot be forwarded to other email address
View 1 Replies View RelatedIn case this is a thread in the wrong section please move it to the right one. Following situation applies.I am using openSUSE 11.1 with modified kernel. Code:# uname -aLinux linux-2c5j 3.0.4-41-desktop #1 SMP PREEMPT Sun Sep 4 18:51:01 CEST 2011 i686 i686 i386 GNU/Linux The compilation did run flawlessly with the SAKC script.However the module apparmor does not load. Infact:Code:# modprobe apparmorFATAL: Module apparmor not found. I understand that I have to recompile the module, right? There I have the first question: wasn't the apparmor module accepted into the kernel (and therefore should be already compiled and available with the normal kernel compile)? Or is this wrong. How can I recompile the apparmor module for my new kernel.
View 1 Replies View RelatedIs there a particular app listed as apparmor, or is it a series of separate programs that act as a whole? if the latter, which programs are these. i just got really lucky with my installation of 11.2, and I'm trying to confirm my success.
View 9 Replies View RelatedIs recommended to create a profile in apparmor for applications like amule, firefox, thunderbird, amsn ....?
View 7 Replies View RelatedDoes it make sense to run sshd confined/protected by apparmor? I get tons of attack/hack attempts on my ssh port daily, I created a white list on my firewall to specify the IP addresses that can ssh into my network. I was also thinking of activating the sshd profile in apparmor for some added protection?
View 5 Replies View Relatedprohibit execution of any program include shell command, only be profiled program could be executed, can apparmor do that?
View 5 Replies View RelatedCurrently the Apparmor program has the notification logs saved to /etc/apparmor/notify.cfg, however, when I try to save the notification after putting my email address in, I get an error saying "Configuration failed for the following operations: Unable to write config changes to /etc/apparmor/notify.cfg"looking inside the folder, I do not see any file named "notify.cfg" BUT I do see so files called reports.conf, logprof.conf, and reports.crontab. I am guessing that the program is asking to save the notification changes to a file that does not exist and in fact one of those three files are the proper ones to use. Well if that is the case then how would I go about fixing this error?
View 4 Replies View RelatedI have just reinstalled OS 11.2 but this time the 64bit system variant. I installed the real-time kernel and saw that the apparmor module reported an error and wasn't loaded. I have never looked into apparmor and only knows it has something to do with security, and thus I wonder if it is important to do something with this issue? I plan to use the kernel-rt and have more or less always used a variant of this kernel flavour, often self built. Though I can not recall having seen that error before and I have not used a 64bit system before
View 2 Replies View RelatedWhat is the best way to password protect an external drive? After searching I found a few programs which seem to perform what I want to do.
View 5 Replies View RelatedI can't login after the password-protect-screen-saver comes on during a download.The screen is black, the cursor arrow moves with the mouse, but no login window.I have no idea what is wrong but it seems to correlate with this combination.
View 2 Replies View RelatedI was trying to install apparomor-profiles, and the terminal spewed a lot of error messages. They all said, "Kernel needs 2.4 compatibility patch."
Where is this patch, (I tried Google), and how do I install it?
I set the profile for Firefox to enforce sudo aa-enforce firefox.Does this now apply to all users on my system or just the user I was logged in as?
View 2 Replies View RelatedI'm trying to figure out Apparmor,in doing so I've seen that there are no pre-configured profiles for Iceweasel,but there are two for Firefox in /usr/share/doc/apparmor-profiles/extras/ : Will it work if I simply replace "iceweasel" for "firefox" and set those profiles to complain mode,just to see what will eventually happen? Is that too obvious?
View 9 Replies View RelatedI am new to ubuntu and I would really like to try it out, however I cant do the demo it freezes, I cant boot it either. I got rid of the quiet splash and watched it load. The last thing I saw before it went to just a blank screen was the ubuntu logo and it said loading apparmor then ok, went back to the previous command line screen and said done. Then it was just blank. No mouse, no blinking cursor, nothing.
View 2 Replies View RelatedDoes anyone know if Apparmor will work on the Ubuntu 10.04 livecd? I know there are currently issues running Apparmor on stacked filesystems with aufs. Currently a casper scripts disables Apparmor during boot up. Would be very useful if it could be run in a live session.
View 4 Replies View RelatedAnyone set up an Apparmor profile for Firefox?
View 9 Replies View RelatedInspite i have read through the sticky link but i have a query.
Example,
If you have your firefox under enforce mode in apparmor,are you still able to install an update / addon to it to a newer version.
If not,how to disable the apparmor in firefox.Is it as below?
Code:
So I activated the Firefox profile:
Code:
And restarted Firefox (even rebooted), but it doesn't seem to be working. When I open Firefox I am able to perform a "Save Page As" in locations I shouldn't be able to, like my Desktop or Pictures folder.
The following command says the Firefox process is in enforce mode:
Code:
Of the following lines, the only directory which is "rw" is /Downloads, why am I still able to write to other places?
Code:
OS: Ubuntu 10.10
Can someone with an active Firefox profile do this simple test for me? Click File -> Save As and try to save somewhere the Apparmor profile shouldn't let you, and let me know the results.
Tried the apparmor profile for Firefox. how to turn it off. No matter what I do, it still shows up as being on in apparmor status.
View 3 Replies View RelatedI'm trying to understand the Apparmor and would like to get FF profile from Bodhi.zazen [thank you],but I'm kinda new to Linux.Did lots of reading but missing one thing:
1.where is FF profile? I can't see any usr.lib.firefox-3.6.12
2. how do I do copy FF profile from Bodhi.zazen?
using Ubuntu Server 10.10 x86_64 on this machine. It is used as a master DNS server for my domain. We have migrated it to Ubuntu from Gentoo. The problem is that AppArmor is spamming /var/log/syslog
Code:
Jan 3 14:38:40 hydra kernel: [2154828.893409] type=1400 audit(1294061920.141:660146): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/named" name="/var/log/named_querylog" pid=15397 comm="named" requested_mask="c" denied_mask="c" fsuid=103 ouid=103
The zone files reside in /etc/bind/ and we have not changed anything in /etc/apparmor.d/usr.sbin.named .
We don't want to just uninstall apparmor, but how do we adjust its settings correctly?
I followed this thread:[URL]...When I get to this part:sudo genprof firefox it does not work in the terminal. Is this still supported for Ubuntu 11?
Also, I installed the profiles. Is something supposed to happen now or do I need to configure them?
sudo apt-get install apparmor-profiles
Where is some good documentation with concrete examples on the best practices for how to update AppArmor profiles?
View 2 Replies View RelatedWhen I enable a new AppArmor profile that is not in the kernel, I've used this command:
Code:
apparmor_parser -r /path/to/profile
But when I recently read the manual for AppArmor, it says to use this command for new profiles:
Code:
apparmor_parser -a /path/to/profile
Have I done something wrong by using -r instead of -a?
I am trying to use apparmor to restrict my file browser, which is Thunar to only let me view the files that are in the home directory and also removable media.I tried following the apparmor sticky with no success.I created the profile and tried editing it and it either started and let me do pretty much everything or did not start at all. Would it be possible for someone to help me step by step to set up a profile for thunar that would only show the home directory and removable media.
View 2 Replies View Related
