feat(aa-log): improve log cleaning.

Alexandre Pujol 2024-04-02 17:50:33 +01:00
parent 1915fa5175
commit 4490db45c9


@ -31,6 +31,7 @@ const (
var ( var (
quoted bool quoted bool
isAppArmorLogTemplate = regexp.MustCompile(`apparmor=("DENIED"|"ALLOWED"|"AUDIT")`) isAppArmorLogTemplate = regexp.MustCompile(`apparmor=("DENIED"|"ALLOWED"|"AUDIT")`)
hex = `[0-9a-fA-F]`
regCleanLogs = util.ToRegexRepl([]string{ regCleanLogs = util.ToRegexRepl([]string{
// Clean apparmor log file // Clean apparmor log file
`.*apparmor="`, `apparmor="`, `.*apparmor="`, `apparmor="`,
@ -51,7 +52,8 @@ var (
// Resolve classic system variables // Resolve classic system variables
`/usr/lib(|32|64|exec)`, `@{lib}`, `/usr/lib(|32|64|exec)`, `@{lib}`,
`/usr/(|s)bin`, `@{bin}`, `/usr/(|s)bin`, `@{bin}`,
`[^/]+-linux-gnu[^/]?`, `@{multiarch}`, `x86_64-pc-linux-gnu[^/]?`, `@{multiarch}`,
`/usr/etc/`, `@{etc_ro}/`,
`/run/`, `@{run}/`, `/run/`, `@{run}/`,
`user/[0-9]*/`, `user/@{uid}/`, `user/[0-9]*/`, `user/@{uid}/`,
`/proc/`, `@{PROC}/`, `/proc/`, `@{PROC}/`,
@ -59,15 +61,15 @@ var (
`@{PROC}/@{pid}/task/[0-9]*/`, `@{PROC}/@{pid}/task/@{tid}/`, `@{PROC}/@{pid}/task/[0-9]*/`, `@{PROC}/@{pid}/task/@{tid}/`,
`/sys/`, `@{sys}/`, `/sys/`, `@{sys}/`,
`@{PROC}@{sys}/`, `@{PROC}/sys/`, `@{PROC}@{sys}/`, `@{PROC}/sys/`,
`pci[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]`, `@{pci_bus}`, `pci` + strings.Repeat(hex, 4) + `:` + strings.Repeat(hex, 2), `@{pci_bus}`,
// Some system glob // Some system glob
`:1.[0-9]*`, `:*`, // dbus peer name `:1.[0-9]*`, `:*`, // dbus peer name
`@{bin}/(|ba|da)sh`, `@{sh_path}`, // collect all shell `@{bin}/(|ba|da)sh`, `@{sh_path}`, // collect all shell
`@{lib}/modules/[^/]+\/`, `@{lib}/modules/*/`, // strip kernel version numbers from kernel module accesses `@{lib}/modules/[^/]+\/`, `@{lib}/modules/*/`, // strip kernel version numbers from kernel module accesses
`[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]`, `@{hex32}`, strings.Repeat(hex, 64), `@{hex64}`,
`[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]`, `@{uuid}`, strings.Repeat(hex, 32), `@{hex32}`,
`[0-9][0-9][0-9][0-9][0-9][0-9]+`, `@{int}`, strings.Repeat(hex, 8) + `[-_]` + strings.Repeat(hex, 4) + `[-_]` + strings.Repeat(hex, 4) + `[-_]` + strings.Repeat(hex, 4) + `[-_]` + strings.Repeat(hex, 12), `@{uuid}`,
// Remove basic rules from abstractions/base // Remove basic rules from abstractions/base
`(?m)^.*/etc/[^/]+so.*$`, ``, `(?m)^.*/etc/[^/]+so.*$`, ``,