mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

libapparmor: add log parser support for saddr, daddr, src and dest

Browse source 
saddr, daddr, src and dest are used in network logs

Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
(cherry picked from commit 6774654424)
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/397
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
This commit is contained in:
Georgia Garcia 2024-05-24 08:08:58 -03:00
parent 2a3cf471ab
commit d1311cc93f
25 changed files with 152 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
libraries/libapparmor/src/scanner.l
View file

@ -157,9 +157,13 @@ key_capname "capname"
key_offset "offset"
key_target "target"
key_laddr "laddr"
key_saddr "saddr"
key_faddr "faddr"
key_daddr "daddr"
key_lport "lport"
key_srcport "src"
key_fport "fport"
key_destport "dest"
key_bus "bus"
key_dest "dest"
key_path "path"
@ -351,9 +355,13 @@ yy_flex_debug = 0;
{key_offset} { return(TOK_KEY_OFFSET); }
{key_target} { return(TOK_KEY_TARGET); }
{key_laddr} { yy_push_state(ip_addr, yyscanner); return(TOK_KEY_LADDR); }
{key_saddr} { yy_push_state(ip_addr, yyscanner); return(TOK_KEY_LADDR); }
{key_faddr} { yy_push_state(ip_addr, yyscanner); return(TOK_KEY_FADDR); }
{key_daddr} { yy_push_state(ip_addr, yyscanner); return(TOK_KEY_FADDR); }
{key_lport} { return(TOK_KEY_LPORT); }
{key_srcport} { return(TOK_KEY_LPORT); }
{key_fport} { return(TOK_KEY_FPORT); }
{key_destport} { return(TOK_KEY_FPORT); }
{key_bus} { return(TOK_KEY_BUS); }
{key_path} { return(TOK_KEY_PATH); }
{key_interface} { return(TOK_KEY_INTERFACE); }

0
libraries/libapparmor/testsuite/test_multi/testcase_network_06.err Normal file
View file

1
libraries/libapparmor/testsuite/test_multi/testcase_network_06.in Normal file
View file

@ -0,0 +1 @@
[319992.813426] audit: type=1400 audit(1716557137.764:477): apparmor="DENIED" operation="recvmsg" class="net" info="failed remote addr match" error=-13 profile="/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv" pid=22237 comm="net_inet_rcv" laddr=127.0.97.3 lport=3456 saddr=127.0.97.3 src=3456 family="inet" sock_type="dgram" protocol=17 requested="receive" denied="receive"

20
libraries/libapparmor/testsuite/test_multi/testcase_network_06.out Normal file
View file

@ -0,0 +1,20 @@
START
File: testcase_network_06.in
Event type: AA_RECORD_DENIED
Audit ID: 1716557137.764:477
Operation: recvmsg
Mask: receive
Denied Mask: receive
Profile: /home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv
Command: net_inet_rcv
Info: failed remote addr match
ErrorCode: 13
PID: 22237
Network family: inet
Socket type: dgram
Protocol: udp
Local addr: 127.0.97.3
Local port: 3456
Class: net
Epoch: 1716557137
Audit subid: 477

4
libraries/libapparmor/testsuite/test_multi/testcase_network_06.profile Normal file
View file

@ -0,0 +1,4 @@
/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv {
network (receive) inet dgram ip=127.0.97.3 port=3456,
}

0
libraries/libapparmor/testsuite/test_multi/testcase_network_07.err Normal file
View file

1
libraries/libapparmor/testsuite/test_multi/testcase_network_07.in Normal file
View file

@ -0,0 +1 @@
[321266.557863] audit: type=1400 audit(1716558411.518:583): apparmor="DENIED" operation="bind" class="net" profile="/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv" pid=23602 comm="net_inet_rcv" saddr=127.0.97.3 src=3456 family="inet" sock_type="dgram" protocol=17 requested="bind" denied="bind"

18
libraries/libapparmor/testsuite/test_multi/testcase_network_07.out Normal file
View file

@ -0,0 +1,18 @@
START
File: testcase_network_07.in
Event type: AA_RECORD_DENIED
Audit ID: 1716558411.518:583
Operation: bind
Mask: bind
Denied Mask: bind
Profile: /home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv
Command: net_inet_rcv
PID: 23602
Network family: inet
Socket type: dgram
Protocol: udp
Local addr: 127.0.97.3
Local port: 3456
Class: net
Epoch: 1716558411
Audit subid: 583

4
libraries/libapparmor/testsuite/test_multi/testcase_network_07.profile Normal file
View file

@ -0,0 +1,4 @@
/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv {
network (bind) inet dgram ip=127.0.97.3 port=3456,
}

0
libraries/libapparmor/testsuite/test_multi/testcase_network_08.err Normal file
View file

1
libraries/libapparmor/testsuite/test_multi/testcase_network_08.in Normal file
View file

@ -0,0 +1 @@
[321557.117710] audit: type=1400 audit(1716558702.097:793): apparmor="DENIED" operation="setsockopt" class="net" info="failed cmd selection match" error=-13 profile="/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv" pid=26135 comm="net_inet_rcv" family="inet" sock_type="dgram" protocol=17 requested="setopt" denied="setopt"

18
libraries/libapparmor/testsuite/test_multi/testcase_network_08.out Normal file
View file

@ -0,0 +1,18 @@
START
File: testcase_network_08.in
Event type: AA_RECORD_DENIED
Audit ID: 1716558702.097:793
Operation: setsockopt
Mask: setopt
Denied Mask: setopt
Profile: /home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv
Command: net_inet_rcv
Info: failed cmd selection match
ErrorCode: 13
PID: 26135
Network family: inet
Socket type: dgram
Protocol: udp
Class: net
Epoch: 1716558702
Audit subid: 793

4
libraries/libapparmor/testsuite/test_multi/testcase_network_08.profile Normal file
View file

@ -0,0 +1,4 @@
/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv {
network (setopt) inet dgram,
}

0
libraries/libapparmor/testsuite/test_multi/testcase_network_09.err Normal file
View file

1
libraries/libapparmor/testsuite/test_multi/testcase_network_09.in Normal file
View file

@ -0,0 +1 @@
[338728.513756] audit: type=1400 audit(1716575873.613:1160): apparmor="DENIED" operation="sendmsg" class="net" profile="/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_snd" pid=31340 comm="net_inet_snd" laddr=127.187.243.54 lport=3457 saddr=127.187.243.54 src=3457 daddr=127.0.97.3 dest=3456 family="inet" sock_type="dgram" protocol=17 requested="send" denied="send"

20
libraries/libapparmor/testsuite/test_multi/testcase_network_09.out Normal file
View file

@ -0,0 +1,20 @@
START
File: testcase_network_09.in
Event type: AA_RECORD_DENIED
Audit ID: 1716575873.613:1160
Operation: sendmsg
Mask: send
Denied Mask: send
Profile: /home/ubuntu/apparmor/tests/regression/apparmor/net_inet_snd
Command: net_inet_snd
PID: 31340
Network family: inet
Socket type: dgram
Protocol: udp
Local addr: 127.187.243.54
Foreign addr: 127.0.97.3
Local port: 3457
Foreign port: 3456
Class: net
Epoch: 1716575873
Audit subid: 1160

4
libraries/libapparmor/testsuite/test_multi/testcase_network_09.profile Normal file
View file

@ -0,0 +1,4 @@
/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_snd {
network (send) inet dgram ip=127.187.243.54 port=3457 peer=(ip=127.0.97.3 port=3456),
}

0
libraries/libapparmor/testsuite/test_multi/testcase_network_10.err Normal file
View file

1
libraries/libapparmor/testsuite/test_multi/testcase_network_10.in Normal file
View file

@ -0,0 +1 @@
[341455.536270] audit: type=1400 audit(1716578600.733:1467): apparmor="DENIED" operation="bind" class="net" profile="/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv" pid=35013 comm="net_inet_rcv" saddr=fd74:1820:b03a:b361::cf32 src=3456 family="inet6" sock_type="dgram" protocol=17 requested="bind" denied="bind"

18
libraries/libapparmor/testsuite/test_multi/testcase_network_10.out Normal file
View file

@ -0,0 +1,18 @@
START
File: testcase_network_10.in
Event type: AA_RECORD_DENIED
Audit ID: 1716578600.733:1467
Operation: bind
Mask: bind
Denied Mask: bind
Profile: /home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv
Command: net_inet_rcv
PID: 35013
Network family: inet6
Socket type: dgram
Protocol: udp
Local addr: fd74:1820:b03a:b361::cf32
Local port: 3456
Class: net
Epoch: 1716578600
Audit subid: 1467

4
libraries/libapparmor/testsuite/test_multi/testcase_network_10.profile Normal file
View file

@ -0,0 +1,4 @@
/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv {
network (bind) inet6 dgram ip=fd74:1820:b03a:b361::cf32 port=3456,
}

0
libraries/libapparmor/testsuite/test_multi/testcase_network_11.err Normal file
View file

1
libraries/libapparmor/testsuite/test_multi/testcase_network_11.in Normal file
View file

@ -0,0 +1 @@
[342092.040080] audit: type=1400 audit(1716579237.240:2187): apparmor="DENIED" operation="sendmsg" class="net" profile="/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_snd" pid=43431 comm="net_inet_snd" laddr=fd74:1820:b03a:b361::a0f9 lport=3457 saddr=fd74:1820:b03a:b361::a0f9 src=3457 daddr=fd74:1820:b03a:b361::cf32 dest=3456 family="inet6" sock_type="dgram" protocol=17 requested="send" denied="send"

20
libraries/libapparmor/testsuite/test_multi/testcase_network_11.out Normal file
View file

@ -0,0 +1,20 @@
START
File: testcase_network_11.in
Event type: AA_RECORD_DENIED
Audit ID: 1716579237.240:2187
Operation: sendmsg
Mask: send
Denied Mask: send
Profile: /home/ubuntu/apparmor/tests/regression/apparmor/net_inet_snd
Command: net_inet_snd
PID: 43431
Network family: inet6
Socket type: dgram
Protocol: udp
Local addr: fd74:1820:b03a:b361::a0f9
Foreign addr: fd74:1820:b03a:b361::cf32
Local port: 3457
Foreign port: 3456
Class: net
Epoch: 1716579237
Audit subid: 2187

4
libraries/libapparmor/testsuite/test_multi/testcase_network_11.profile Normal file
View file

@ -0,0 +1,4 @@
/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_snd {
network (send) inet6 dgram ip=fd74:1820:b03a:b361::a0f9 port=3457 peer=(ip=fd74:1820:b03a:b361::cf32 port=3456),
}