From cc4d37dab9a68db81949e51c17bd6f696d03ad45 Mon Sep 17 00:00:00 2001
From: Marc Schoechlin
Date: Sat, 28 Oct 2017 11:17:18 +0200
Subject: [PATCH] Updated rules

---
 helpers/usr.local.bin.auditshell | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/helpers/usr.local.bin.auditshell b/helpers/usr.local.bin.auditshell
index efef8a1..aca45e1 100644
--- a/helpers/usr.local.bin.auditshell
+++ b/helpers/usr.local.bin.auditshell
@@ -1,4 +1,3 @@
-
 # Apparmor profile for the auditshell
 #include
@@ -18,13 +17,15 @@
 network inet tcp,
 /** lrwix,
- # TCP/UDP network access
- network inet stream,
- network inet6 stream,
- network inet dgram,
- network inet6 dgram,
+ # TCP/UDP network access
+ network inet stream,
+ network inet6 stream,
+ network inet dgram,
+ network inet6 dgram,
 network netlink raw,
+ /usr/local/bin/auditshell-sessions cx,
+
 deny /usr/bin/chsh lrwx,
 deny /var/log/auditshell/ lrwx,
 deny /var/log/auditshell/** lrwx,
@@ -37,5 +38,17 @@
 # interface="org.freedesktop.resolve1.Manager"
 # member="Resolve{Address,Hostname,Record,Service}"
 # peer=(name="org.freedesktop.resolve1"),
+ }
+
+ profile /usr/local/bin/auditshell-sessions {
+ #include
+ #include
+ /** lrwix,
+ /var/log/auditshell/ lrix,
+ /var/log/auditshell/** lrix,
+ deny /usr/bin/chsh lrwx,
+ }
+ }
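Review bot: In the new child profile `profile /usr/local/bin/auditshell-sessions {` (third hunk), `/** lrwix,` already grants write access to `/var/log/auditshell/**`, so the two read-only lines `/var/log/auditshell/ lrix,` and `/var/log/auditshell/** lrix,` below it do not narrow anything, because AppArmor accumulates the permissions of every matching allow rule and only `deny` rules subtract. The parent's `deny /var/log/auditshell/** lrwx,` kept as context in the second hunk does not carry into the child reached through the new `cx` transition, so the sessions helper can modify the audit log that the parent profile is forbidden to touch. If the helper is only meant to read the log, which the `lrix` lines suggest, add `deny /var/log/auditshell/ w,` and `deny /var/log/auditshell/** w,` to the child profile, or narrow `/** lrwix,` to the paths it actually needs. The `#include` targets are not visible in this rendering, so what the included abstractions add cannot be checked here.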