Apparmor: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 68: | Zeile 68: | ||
1034 /usr/sbin/sshd not confined | 1034 /usr/sbin/sshd not confined | ||
17017 /usr/lib/ipsec/charon confined by '/usr/lib/ipsec/charon (enforce)' | 17017 /usr/lib/ipsec/charon confined by '/usr/lib/ipsec/charon (enforce)' | ||
| + | =disable service from apparmor temporarily= | ||
| + | *apparmor_parser -R /etc/apparmor.d/usr.sbin.tcpdump | ||
| + | =enable to apparmor = | ||
| + | *apparmor_parser /etc/apparmor.d/usr.sbin.tcpdump | ||
| + | =disable service from apparmor permanently= | ||
| + | *ln -s /etc/apparmor.d/usr.sbin.tcpdump /etc/apparmor.d/disable/ | ||
| + | *service restart apparmor | ||
| + | =undo and enable the service= | ||
| + | *rm /etc/apparmor.d/disable/usr.sbin.tcpdump | ||
| + | *service restart apparmor | ||
| + | |||
=Links= | =Links= | ||
*https://www.pcwelt.de/ratgeber/Apparmor_-_So_machen_Sie_Linux_bombensicher-Zugriffsrechte-8255980.html | *https://www.pcwelt.de/ratgeber/Apparmor_-_So_machen_Sie_Linux_bombensicher-Zugriffsrechte-8255980.html | ||
Version vom 19. November 2017, 22:24 Uhr
Checken ob Apparmor installiert ist
- dpkg -l apparmor
Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten
| Status=Nicht/Installiert/Config/U=Entpackt/halb konFiguriert/
Halb installiert/Trigger erWartet/Trigger anhängig
|/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht)
||/ Name Version Architektur Beschreibung
+++-=========================================-=========================-=========================-=======================================================================================
ii apparmor 2.10.95-0ubuntu2.6 amd64 user-space parser utility for AppArmor
Läuft Apparmor
- systemctl status apparmor
● apparmor.service - LSB: AppArmor initialization
Loaded: loaded (/etc/init.d/apparmor; bad; vendor preset: enabled)
Active: active (exited) since Di 2017-10-24 11:55:53 CEST; 2 weeks 3 days ago
Docs: man:systemd-sysv-generator(8)
Process: 591 ExecStart=/etc/init.d/apparmor start (code=exited, status=0/SUCCESS)
Tasks: 0
Memory: 0B
CPU: 0
AA Status
- aa-status
apparmor module is loaded. 14 profiles are loaded. 14 profiles are in enforce mode. /sbin/dhclient /usr/bin/lxc-start /usr/bin/ubuntu-core-launcher /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/NetworkManager/nm-dhcp-helper /usr/lib/connman/scripts/dhclient-script /usr/lib/ipsec/charon /usr/lib/ipsec/stroke /usr/lib/lxd/lxd-bridge-proxy /usr/sbin/tcpdump lxc-container-default lxc-container-default-cgns lxc-container-default-with-mounting lxc-container-default-with-nesting 0 profiles are in complain mode. 1 processes have profiles defined. 1 processes are in enforce mode. /usr/lib/ipsec/charon (17017) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined.
Apparmor Modi
- Enforce-Modus
- Unterbindet alle Regelverstösse
- Complain-Modus
- Protokolliert alle Regelverstösse
- Audit-Modus
- Checken potentieller Regelverstösse
Apparmor Utils
- apt install apparmor-utils
aa-audit
Setzen einen Anwendung in den Auditmodus
- aa-audit /etc/apparmor.d/usr.lib.ipsec.charon
Setting /etc/apparmor.d/usr.lib.ipsec.charon to audit mode.
aa-unconfined
Checken welche Netzwerkdienste nicht überwacht werden
- aa-unconfine
1034 /usr/sbin/sshd not confined 17017 /usr/lib/ipsec/charon confined by '/usr/lib/ipsec/charon (enforce)'
disable service from apparmor temporarily
- apparmor_parser -R /etc/apparmor.d/usr.sbin.tcpdump
enable to apparmor
- apparmor_parser /etc/apparmor.d/usr.sbin.tcpdump
disable service from apparmor permanently
- ln -s /etc/apparmor.d/usr.sbin.tcpdump /etc/apparmor.d/disable/
- service restart apparmor
undo and enable the service
- rm /etc/apparmor.d/disable/usr.sbin.tcpdump
- service restart apparmor