Ubuntu Security :: AppArmor Enforce Program Without Logging?

Apr 19, 2011

I have a program that generates large amounts of apparmor log messages. I'm happy to enforce restrictions on the program but I really don't want it to fill my log with messages every time it attempts to read a file.

Is there a way to let it enforce restrictions but not log denials?

View 9 Replies


ADVERTISEMENT

Ubuntu Security :: Cannot Enforce Firefox 4.0 Apparmor Profile

Apr 29, 2011

Since Ubuntu 9.10 I used:

"sudo apt-get install apparmor-profiles

sudo enforce firefox"

However in Lubuntu 11.04 the "sudo enforce firefox" command does no longer work. It looks like the enforce command is no longer recognised.

View 6 Replies View Related

Fedora Security :: Possible To Create Selinux Profile For Program Like With Apparmor?

Jan 15, 2011

Is it possible to create a selinux profile for a program like with Apparmor?

View 4 Replies View Related

Ubuntu Security :: Recommend AppArmor And Other Security Measures?

Aug 31, 2010

Or do you just use Ubuntu feeling safe enough without them? If you do use AppArmor and other security measures, what do you use them for? Obviously Firefox and Chrome would be two things. But what else?

View 9 Replies View Related

OpenSUSE :: How Does Apparmor Block A Bad-program

Jun 10, 2010

depending on reading some apparmor docs, I know that apparmor read logs to determine what profile a program will be, that means a profile only can be built when the program have been exec at least a time, or we already how will be executed of a specific program. but if a hack inserts a bad-program such as a back door or virus what should never be executed any time, and at the same time we don't know what's the consequence will happen due to the behaviors of a bad-program. therefore, how could apparmor do to prevent these situations? Can apparmor confine every thing what under a specific directory by default? because use: aa-autodep /path/to/restrict/* is 'complain' by default and everything are allowed, can apparmor deny everything by default?

View 2 Replies View Related

Ubuntu :: Inbuilt Logging System - Ran And Installation - Program Opened Automatically - Can't Find Program Executable

Feb 23, 2011

I was wondering whether there is an inbuilt logging system in UNIX?

I ran and installation and the program opened up automatically but I can't find the program executable.

If I could find a log then I could locate this file.

View 9 Replies View Related

OpenSUSE :: Can Apparmor Block Execute Any Program In A Specific Dir

Jun 10, 2010

prohibit execution of any program include shell command, only be profiled program could be executed, can apparmor do that?

View 5 Replies View Related

Ubuntu Security :: AppArmor For All Users

Jun 10, 2011

I set the profile for Firefox to enforce sudo aa-enforce firefox.Does this now apply to all users on my system or just the user I was logged in as?

View 2 Replies View Related

Ubuntu Security :: Apparmor Will Work On The 10.04 Livecd?

Jan 29, 2010

Does anyone know if Apparmor will work on the Ubuntu 10.04 livecd? I know there are currently issues running Apparmor on stacked filesystems with aufs. Currently a casper scripts disables Apparmor during boot up. Would be very useful if it could be run in a live session.

View 4 Replies View Related

Ubuntu Security :: Set Up An Apparmor Profile For Firefox?

Apr 28, 2010

Anyone set up an Apparmor profile for Firefox?

View 9 Replies View Related

Ubuntu Security :: Disable The Apparmor In Firefox

Aug 8, 2010

Inspite i have read through the sticky link but i have a query.

Example,

If you have your firefox under enforce mode in apparmor,are you still able to install an update / addon to it to a newer version.

If not,how to disable the apparmor in firefox.Is it as below?

Code:

View 9 Replies View Related

Ubuntu Security :: How To Test That Apparmor Is Working

Oct 9, 2010

So I activated the Firefox profile:

Code:

And restarted Firefox (even rebooted), but it doesn't seem to be working. When I open Firefox I am able to perform a "Save Page As" in locations I shouldn't be able to, like my Desktop or Pictures folder.

The following command says the Firefox process is in enforce mode:

Code:

Of the following lines, the only directory which is "rw" is /Downloads, why am I still able to write to other places?

Code:

OS: Ubuntu 10.10

Can someone with an active Firefox profile do this simple test for me? Click File -> Save As and try to save somewhere the Apparmor profile shouldn't let you, and let me know the results.

View 9 Replies View Related

Ubuntu Security :: Apparmor For Firefox - How To Turn It Off

Nov 12, 2010

Tried the apparmor profile for Firefox. how to turn it off. No matter what I do, it still shows up as being on in apparmor status.

View 3 Replies View Related

Ubuntu Security :: No Firefox Profile In Apparmor?

Nov 15, 2010

I'm trying to understand the Apparmor and would like to get FF profile from Bodhi.zazen [thank you],but I'm kinda new to Linux.Did lots of reading but missing one thing:

1.where is FF profile? I can't see any usr.lib.firefox-3.6.12
2. how do I do copy FF profile from Bodhi.zazen?

View 5 Replies View Related

Ubuntu Security :: Certain Commands Not Working In Apparmor?

Jun 7, 2011

I followed this thread:[URL]...When I get to this part:sudo genprof firefox it does not work in the terminal. Is this still supported for Ubuntu 11?

Also, I installed the profiles. Is something supposed to happen now or do I need to configure them?

sudo apt-get install apparmor-profiles

View 6 Replies View Related

Ubuntu Security :: Updating AppArmor Profiles?

Jun 12, 2011

Where is some good documentation with concrete examples on the best practices for how to update AppArmor profiles?

View 2 Replies View Related

Ubuntu Security :: Enabling A New Profile In AppArmor?

Jun 18, 2011

When I enable a new AppArmor profile that is not in the kernel, I've used this command:

Code:
apparmor_parser -r /path/to/profile

But when I recently read the manual for AppArmor, it says to use this command for new profiles:

Code:
apparmor_parser -a /path/to/profile

Have I done something wrong by using -r instead of -a?

View 1 Replies View Related

Ubuntu Security :: Using Apparmor To Restrict File Browser?

Sep 21, 2010

I am trying to use apparmor to restrict my file browser, which is Thunar to only let me view the files that are in the home directory and also removable media.I tried following the apparmor sticky with no success.I created the profile and tried editing it and it either started and let me do pretty much everything or did not start at all. Would it be possible for someone to help me step by step to set up a profile for thunar that would only show the home directory and removable media.

View 2 Replies View Related

Ubuntu Security :: Apparmor Protecting Files From Users

Jan 8, 2011

It seems that AppArmor can't be effectively used to protect read access to files from users (including roots). It is possible to create a profile for, eg, 'cat', but then the users can use 'less'.Is this true? Should use SELinux instead for this?

View 5 Replies View Related

Ubuntu Security :: Apparmor Profile Deleted / Can't Get It Back

Jun 21, 2011

i was trying to edit my firefox apparmor profile. I used aa-genprof, and accidentally closed the terminal before the program was finished. Firefox wouldn't load properly after that whenever it was enforced. I uninstalled and reinstalled the profiles, but it didn't help.Finally I deleted the files for the profile itself ... now it will not reinstall them..I marked all the apparmor packages for complete removal and then reinstalled them but it will not put the original firefox profile back in.

View 2 Replies View Related

Ubuntu Security :: Why Isn't Apparmor Firefox Profile Enabled By Default

Apr 25, 2010

This page [URL] shows how to enable apparmor firefox profile. Why isnt apparmor firefox profile enabled by default? I would postulate that this would be because there must be some limitation by having the profile enabled. If so, what would the limitation be?

View 9 Replies View Related

Ubuntu Security :: Generic AppArmor Profile For Untrusted Application

Sep 3, 2010

I've read and re-read everything I can find about AppArmor, to no avail. On the whole, AppArmor isn't for me. However, rather than give up on it completely, I have an idea: create a profile that I could use as a template for any untrusted application, with the aim of 1) blocking it from network access and 2) blocking it from installing other applications. I've got as far as creating an empty profile:

Code:
# Generic AppArmor Profile for UntrustedApplication
#include <tunables/global>
/usr/sbin/UntrustedApplication {
#include <abstractions/base> }
What do I need to add to make this profile 100% permissive, except for the two exceptions stated above?

View 9 Replies View Related

Ubuntu Security :: Write Allowed Even AppArmor Forced In Firefox

Feb 28, 2011

I use Ubuntu 10.10 with encrypted home. I'm new with apparmor. My firefox-3.6.13 is now in enforce mode - with standard profile. With this profile it should have write access only to:
owner @{HOME}/Downloads/* rw,

But I can save files (with standard downloadmanager of firefox) e.g. in $HOME itself and I can't find any other rule, which could allow that. I have thing, that ecryptfs workaround just affects the eCryptFS "part of things" and limitations of normal filenames/paths (in mounted ecryptfs) are still possible. Why can firefox write elsewhere as in to ${HOME}/Downloads? I get also this in kern.log (but not by saving a file as wrote above):

Feb 27 05:49:30 duron650 kernel: [ 2284.886631] type=1400 audit(1298782170.190:4: apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/home/.ecryptfs/hugo/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVX6-OCUaSGk2nU5ADkJx.rdk--/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVXFlmP1qlJBZ2eq7XFiWljUE--" pid=2209 comm="firefox-bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0

Why do firefox try to write to it and why do it fail even with #13 workaround?
Feb 27 06:03:23 duron650 kernel: [ 3118.231818] type=1400 audit(1298783003.534:49): apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/tmp/.X0-lock" pid=2304 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Why try firefox to access X lock?

View 4 Replies View Related

Ubuntu Security :: Using Apparmor To Restrict Networking To Specific Ports?

Jun 12, 2011

Perhaps it is my misinterpretation of AppArmor, how can it be configured to restrict TCP or UDP traffic to/from specific ports?

The profile "abstractions/nameservice", under the section "# TCP/UDP network access", doesn't seem to lock the application to port 53. What am I missing? Restriction to specific ports is something that systrace can do so I'd expect nothing less from AppArmor.

View 5 Replies View Related

Ubuntu Security :: Firefox Profile In Apparmor Skipped On Startup

Aug 9, 2011

I have quiet splash disabled so I can see what boot processes are run on startup, and I notice that on every time I boot my computer the Firefox profile is skipped. Here's the message: Code: Skipping profile in /etc/ apparmor.d/disable: usr.bin.firefox,I checked /etc/apparmor.d/disable, and see that there is indeed a link to usr.bin.firefox. So I'm wondering how/why it got there. I haven't touched anything in AppArmor since my clean install of Natty.

View 6 Replies View Related

OpenSUSE :: Apparmor Security Event Notification Error

Nov 13, 2010

Currently the Apparmor program has the notification logs saved to /etc/apparmor/notify.cfg, however, when I try to save the notification after putting my email address in, I get an error saying "Configuration failed for the following operations: Unable to write config changes to /etc/apparmor/notify.cfg"looking inside the folder, I do not see any file named "notify.cfg" BUT I do see so files called reports.conf, logprof.conf, and reports.crontab. I am guessing that the program is asking to save the notification changes to a file that does not exist and in fact one of those three files are the proper ones to use. Well if that is the case then how would I go about fixing this error?

View 4 Replies View Related

Ubuntu Security :: AppArmor Failed To Load - Could Not Allocate Temporary File

Jan 7, 2010

I get the error message in the subject line, followed by a red failed message.

However, once the system is finished booting, I can log in and

Code:
sudo /etc/init.d/apparmor start
and it starts normally.

View 7 Replies View Related

Ubuntu Security :: Use Lucid's Default Firefox AppArmor Profile For Swiftfox?

May 14, 2010

But I couldn't find a modified version of it for Swiftfox anywhere, so I decided to modify it myself. But I'm not 100% sure that I did it correctly, so I thought I'd ask here.

Also, will Swiftfox 3.6.4 be able to use this same profile? I thought it might not because of the new "Out of process plugins" feature being added.

View 3 Replies View Related

Ubuntu Security :: AppArmor Protect Devices And Limit Their Access To The File System?

Nov 9, 2010

This might sound really stupid, so you'll all have to excuse my lacking knowledge. I read that USB attacks get more and more common, like putting in an USB stick with a malicious autorun script on it, and it's game over. Can AppArmor protect devices and limit their access to the file system?

View 5 Replies View Related

Ubuntu Security :: Configure AppArmor And Add Ability To Bind - Failed To Set Capabilities On File

May 18, 2011

A create an application which has to bind to port less than 1024 and must be launched under non-root user. OS: Ubuntu 10.04. Decision 1: Using a firewall to redirect packets. Problem: This decision is not good for me. I need simple way to solve the problem. Decision 2: Use CAP_NET_BIN_SERVICE. Problem: My execution file has 2,7G size. It is very big application with a lot of debug info. setcat command return an error:

[code]...

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved