Here you go

# $Id: logprof.conf 981 2007-09-17 03:28:26Z DominicReynolds_ $
# ------------------------------------------------------------------
#
#    Copyright (C) 2004-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

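[settings]
  # Locations and helper binaries used by the profiling tools.
  # All list-valued keys below are space-separated; every path is absolute.

  # Directories holding active profiles; the legacy subdomain.d path is
  # listed alongside apparmor.d.
  profiledir = /etc/apparmor.d /etc/subdomain.d
  # Profiles shipped but not installed (extras). Trailing whitespace that
  # followed this value was dropped so a parser that does not strip it
  # cannot end up with a directory name ending in a space.
  inactive_profiledir = /usr/share/doc/apparmor-profiles/extras
  # Log files scanned for AppArmor events.
  logfiles = /var/log/audit/audit.log /var/log/messages /var/log/syslog

  # Candidate profile-compiler binaries (apparmor_parser, legacy subdomain_parser).
  parser = /sbin/apparmor_parser /sbin/subdomain_parser
  ldd = /usr/bin/ldd
  # Candidate locations of the logger binary.
  logger = /bin/logger /usr/bin/logger

  # custom directory locations to look for #includes
  #
  # each name should be a valid directory containing possible #include
  # candidate files under the profile dir which by default is /etc/apparmor.d.
  #
  # So an entry of my-includes will allow /etc/apparmor.d/my-includes to
  # be used by the yast UI and profiling tools as a source of #include
  # files.
  custom_includes =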


[repository]
  # Remote profile repository settings: distro tag, backend API endpoint,
  # and the user name preferred for that repository.
  distro         = ubuntu-gutsy
  # NOTE(review): plain-http endpoint on a test host -- data exchanged with
  # it is only as trustworthy as the transport; confirm the consuming tool
  # validates whatever it receives from here.
  url            = http://apparmor.test.opensuse.org/backend/api
  preferred_user = ubuntu

[qualifiers]
  # Execution qualifiers keyed by program path. Per the comments below,
  # u = leave the program unconfined, i = inherit (the program is not
  # offered a profile of its own), iu = either. Every u entry is a gap in
  # confinement, so this list should stay as short as possible.

  # things will be painfully broken if bash has a profile
  /bin/bash     = iu
  /bin/ksh      = iu

  # these programs can't function if they're confined
  /bin/mount    = u
  /etc/init.d/subdomain = u
  /sbin/cardmgr = u
  /sbin/subdomain_parser = u
  /usr/sbin/genprof = u
  /usr/sbin/logprof = u
  /usr/lib/YaST2/servers_non_y2/ag_genprof = u
  /usr/lib/YaST2/servers_non_y2/ag_logprof = u

  # these ones shouldn't have their own profiles
  /bin/awk      = i
  /bin/cat      = i
  /bin/chmod    = i
  /bin/chown    = i
  /bin/cp       = i
  /bin/gawk     = i
  /bin/grep     = i
  /bin/gunzip   = i
  /bin/gzip     = i
  /bin/kill     = i
  /bin/ln       = i
  /bin/ls       = i
  /bin/mkdir    = i
  /bin/mv       = i
  /bin/readlink = i
  /bin/rm       = i
  /bin/sed      = i
  /bin/touch    = i
  /sbin/killall5 = i
  /usr/bin/find = i
  /usr/bin/killall = i
  /usr/bin/nice = i
  /usr/bin/perl = i
  /usr/bin/tr   = i

[required_hats]
  # Keys are regexes on the program path; (|2|2-prefork) matches the bare
  # name, the "2" and the "2-prefork" variants. Values are space-separated
  # hat names the tools expect these web servers to provide.
  ^.+/apache(|2|2-prefork)$ = DEFAULT_URI HANDLING_UNTRUSTED_INPUT
  ^.+/httpd(|2|2-prefork)$  = DEFAULT_URI HANDLING_UNTRUSTED_INPUT

[defaulthat]
  # Same program regexes as [required_hats]; the value is presumably the
  # hat used for events that do not name one -- confirm against the tool.
  ^.+/apache(|2|2-prefork)$ = DEFAULT_URI
  ^.+/httpd(|2|2-prefork)$  = DEFAULT_URI

[globs]
  # Regex (key) -> glob (value) rewrites offered when a path is turned into
  # a rule. Every replacement widens what the rule covers: * stays within
  # one path component, ** spans directories. Review each one as a policy
  # decision, not a cosmetic one.

  # /foo/bar/lib/libbaz.so -> /foo/bar/lib/lib*
  # NOTE(review): unlike its neighbours this pattern is not anchored with ^
  # and matches "so" without a literal dot -- confirm that is intended.
  /lib/lib[^\/]+so[^\/]*$           = /lib/lib*so*

  # strip kernel version numbers from kernel module accesses
  ^/lib/modules/[^\/]+\/            = /lib/modules/*/

  # strip pid numbers from /proc accesses
  ^/proc/\d+/                       = /proc/*/

  # if it looks like a home directory, glob out the username
  # (the resulting rule covers every user's home, not just the one seen)
  ^/home/[^\/]+                     = /home/*

  # if they use any perl modules, grant access to all
  ^/usr/lib/perl5/.+$               = /usr/lib/perl5/**

  # locale foo
  ^/usr/lib/locale/.+$              = /usr/lib/locale/**
  ^/usr/share/locale/.+$            = /usr/share/locale/**

  # timezone fun
  ^/usr/share/zoneinfo/.+$          = /usr/share/zoneinfo/**

  # /foobar/fonts/baz -> /foobar/fonts/**
  /fonts/.+$                        = /fonts/**

  # turn /foo/bar/baz.8907234 into /foo/bar/baz.*
  # BUGBUG - this one looked weird because it would suggest a glob for
  # BUGBUG - libfoo.so.5.6.0 that looks like libfoo.so.5.6.*
  # (kept disabled for that reason)
  # \.\d+$                            = .*

  # some various /etc/security poo -- dunno about these ones...
  ^/etc/security/_[^\/]+$           = /etc/security/*
  ^/lib/security/pam_filter/[^\/]+$ = /lib/security/pam_filter/*
  ^/lib/security/pam_[^\/]+\.so$    = /lib/security/pam_*.so

  ^/etc/pam.d/[^\/]+$               = /etc/pam.d/*
  ^/etc/profile.d/[^\/]+\.sh$       = /etc/profile.d/*.sh

-- 
Profile violations fail to log correctly
https://bugs.launchpad.net/bugs/157952
