You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
54 lines
1.1 KiB
54 lines
1.1 KiB
# Apparmor profile for the auditshell
|
|
|
|
#include<tunables/global>
|
|
|
|
/usr/local/bin/auditshell {
|
|
|
|
#include <abstractions/base>
|
|
|
|
/** lrwix,
|
|
|
|
/bin/bash cx,
|
|
|
|
profile /bin/bash {
|
|
#include <abstractions/base>
|
|
#include <abstractions/bash>
|
|
|
|
network inet tcp,
|
|
/** lrwix,
|
|
|
|
# TCP/UDP network access
|
|
network inet stream,
|
|
network inet6 stream,
|
|
network inet dgram,
|
|
network inet6 dgram,
|
|
network netlink raw,
|
|
|
|
/usr/local/bin/auditshell-sessions cx,
|
|
|
|
deny /usr/bin/chsh lrwx,
|
|
deny /var/log/auditshell/ lrwx,
|
|
deny /var/log/auditshell/** lrwx,
|
|
|
|
|
|
#include <abstractions/dbus-strict>
|
|
# dbus send
|
|
# bus=system
|
|
# path="/org/freedesktop/resolve1"
|
|
# interface="org.freedesktop.resolve1.Manager"
|
|
# member="Resolve{Address,Hostname,Record,Service}"
|
|
# peer=(name="org.freedesktop.resolve1"),
|
|
|
|
}
|
|
|
|
|
|
profile /usr/local/bin/auditshell-sessions {
|
|
#include <abstractions/base>
|
|
#include <abstractions/bash>
|
|
/** lrwix,
|
|
/var/log/auditshell/ lrix,
|
|
/var/log/auditshell/** lrix,
|
|
deny /usr/bin/chsh lrwx,
|
|
}
|
|
|
|
}
|