mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles/extras
History
Steve Beattie 693e769a77 A couple of directory fixups for sshd.
2007-04-10 23:34:06 +00:00
..
bin.netstat disable netstat profile: 10.2 beta kernels require an ungrantable ptrace privilege 2006-11-16 12:00:00 +00:00
etc.cron.daily.logrotate r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
etc.cron.daily.slocate.cron r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
etc.cron.daily.tmpwatch r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
opt.gnome.bin.evolution-2.4 r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
opt.gnome.bin.gaim Bug 143281 - Insuffisient settings in default profiles, at least for man & gaim: 2007-01-26 11:06:01 +00:00
opt.gnome.lib.bonobo.bonobo-activation-server r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
opt.gnome.lib.evolution-data-server-1.2.evolution-data-server-1.4 r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
opt.gnome.lib.GConf.2.gconfd-2 r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
README r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
sbin.dhclient r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
sbin.dhcpcd crispin noticed that this profile includes a pointless Px domain transition 2006-08-21 22:11:47 +00:00
sbin.portmap r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
sbin.resmgrd Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
sbin.rpc.lockd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
sbin.rpc.statd Bug 221998 - No NFS locks available: "kernel: lockd/statd: failed to create /var/lib/nfs/sm/<server>: err=-2" 2007-01-26 09:57:42 +00:00
usr.bin.apropos r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.fam r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.freshclam new profiles for clamav and syslog-ng; improvements to postfix's virtual component. Changes suggested by Christian Boltz, thanks 2006-11-05 08:39:33 +00:00
usr.bin.man remove empty lines with spaces, reported by cboltz 2006-11-03 12:58:04 +00:00
usr.bin.mlmmj-bounce r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.mlmmj-maintd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.mlmmj-make-ml.sh r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.mlmmj-process r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.mlmmj-recieve r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.mlmmj-send darix noticed I had forgotten the svn:keywords property on all my new files and cut-n-waste was blaming steve for all these files 2006-05-02 21:41:28 +00:00
usr.bin.mlmmj-sub r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.mlmmj-unsub r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.opera r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.passwd new passwd profile and sshd changes from Volker Kuhlmann in extras/ 2007-01-05 13:02:25 +00:00
usr.bin.procmail r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.bin.spamc Import the rest of the core functionality of the internal apparmor 2006-04-11 21:52:54 +00:00
usr.bin.svnserve Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
usr.lib.firefox.firefox-bin r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.firefox.firefox.sh r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.firefox.mozilla-xremote-client r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.man-db.man Bug 143281 - Insuffisient settings in default profiles, at least for man & gaim: 2007-01-26 10:52:26 +00:00
usr.lib.openldap.slapd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.anvil r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.bounce r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.cleanup r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.discard r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.error r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.flush r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.lmtp r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.local r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.master r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.nqmgr r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.oqmgr r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.pickup r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.pipe r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.proxymap r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.qmgr r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.qmqpd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.scache r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.showq r3528@dhcp-81: root | 2006-08-02 16:39:14 -0700 2006-08-04 18:14:15 +00:00
usr.lib.postfix.smtp https://bugzilla.novell.com/show_bug.cgi?id=178073 2006-10-18 20:13:42 +00:00
usr.lib.postfix.smtpd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.spawn r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.tlsmgr Postfix tlsmgr in 10.2 uses some kind of connection caching stuff; 2006-12-08 06:26:21 +00:00
usr.lib.postfix.trivial-rewrite r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.verify r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.lib.postfix.virtual new profiles for clamav and syslog-ng; improvements to postfix's virtual component. Changes suggested by Christian Boltz, thanks 2006-11-05 08:39:33 +00:00
usr.lib.RealPlayer10.realplay remove empty lines with spaces, reported by cboltz 2006-11-03 12:58:04 +00:00
usr.NX.bin.nxclient r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.dhcpd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.httpd2-prefork apache certificate and key fix from Volker Kuhlmann 2007-01-03 06:51:17 +00:00
usr.sbin.imapd Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
usr.sbin.in.fingerd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.in.ftpd Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
usr.sbin.in.ntalkd Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
usr.sbin.ipop2d r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.ipop3d r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.lighttpd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.mysqld Import the rest of the core functionality of the internal apparmor 2006-04-11 21:52:54 +00:00
usr.sbin.nmbd Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
usr.sbin.oidentd darix noticed I had forgotten the svn:keywords property on all my new files and cut-n-waste was blaming steve for all these files 2006-05-02 21:41:28 +00:00
usr.sbin.popper lost profile, not sure why it wasn't checked in earlier 2006-10-31 14:26:09 +00:00
usr.sbin.postalias r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.postdrop postfix permissions=paranoid fixes from Volker Kuhlmann 2007-01-03 07:29:28 +00:00
usr.sbin.postmap r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.postqueue postfix permissions=paranoid fixes from Volker Kuhlmann 2007-01-03 07:29:28 +00:00
usr.sbin.sendmail Bug 190079 - sendmail can't open control socket 2007-01-26 13:56:52 +00:00
usr.sbin.sendmail.postfix r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.sendmail.sendmail r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.smbd Update svn:keywords properties. 2006-04-12 20:35:41 +00:00
usr.sbin.spamd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.squid r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.sshd A couple of directory fixups for sshd. 2007-04-10 23:34:06 +00:00
usr.sbin.useradd Bug 202095 - useradd / userdel profiles incomplete 2006-11-13 09:53:10 +00:00
usr.sbin.userdel Bug 202095 - useradd / userdel profiles incomplete 2007-01-26 13:28:39 +00:00
usr.sbin.vsftpd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.sbin.xinetd r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.X11R6.bin.acroread r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00
usr.X11R6.bin.ethereal remove empty lines with spaces, reported by cboltz 2006-11-03 12:58:04 +00:00
usr.X11R6.bin.xfs r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700 2006-08-04 18:13:59 +00:00

README 

The profiles in this directory are not turned on by default because they
are not as mature as the profiles in /etc/apparmor.d/.

In some cases, it is because the profile hasn't been updated to work
with newer code; in other cases, it because any benefit provided by the
profile is much less than the potential for causing problems.

In short, feel free to try these profiles if you wish, but be aware that
they may not work on default configurations, let alone your specific
configuration.

To use, for example, the postfix profiles, we recommend running commands
such as:

  # cd /etc/apparmor/profiles/extras
  # mv *postfix* usr.sbin.post* /etc/apparmor.d/
  # mv usr.bin.procmail usr.sbin.sendmail /etc/apparmor.d/
  # aa-complain /etc/apparmor.d/*postfix*
  # aa-complain /etc/apparmor.d/usr.sbin.post*
  # aa-complain /etc/apparmor.d/usr.bin.procmail
  # aa-complain /etc/apparmor.d/usr.sbin.sendmail
  # rcpostfix restart
  # rcapparmor restart
    <use postfix>
  # aa-logprof
    <answer some questions>

Once you've used the profiles enough to feel confident that they will
work for your situation, then run commands such as the following:

  # aa-enforce /etc/apparmor.d/*postfix*
  # aa-enforce /etc/apparmor.d/usr.sbin.post*
  # aa-enforce /etc/apparmor.d/usr.bin.procmail 
  # aa-enforce /etc/apparmor.d/usr.sbin.sendmail

You may use the aa-unconfined tool to make sure your profiles are
working as you expect.

Feedback on these unsupported profiles is welcomed; any
contributions for this directory should be clearly licensed
-- we recommend using the GPL. Please mail suggestions or
modifications to the apparmor-general@forge.novell.com mail list:
http://forge.novell.com/mailman/listinfo/apparmor-general

Thanks