Novell APPARMOR Admin Manual page 15

How To Immunize With Novell AppArmor
Scanning your server for open network ports can be done manually
from outside the machine using a scanner such as nmap, or from
inside the machine using netstat, and then inspecting the machine
to determine which programs are answering on the discovered open
ports.
Using Unconfined To Inspect Open Ports
An automated method for finding network server daemons that should
be profiled is to use the unconfined tool. Using the command "netstat
-nlp", the unconfined tool inspects your open ports from inside
your computer, detects the programs associated with those ports,
and inspects the set of Novell AppArmor profiles that you have loaded.
Unconfined then reports these programs along with the Novell AppArmor
profile associated with each program, or reports the program as not
confined if no profile applies to it.
Note:
If you create a new profile, you must restart the program that
has been profiled in order for unconfined to detect and report the new
profiled state.
Below you will find sample unconfined output. Each line has three parts:
• The first portion is a number: the Process ID (PID) of the listening
program.
• The second portion is a string: the absolute path of the listening
program.
• The final portion indicates the profile confining the program, if any,
together with the profile's mode (enforce or complain).
2325 /sbin/portmap not confined
3702 /usr/sbin/sshd confined by '/usr/sbin/sshd (enforce)'
4040 /usr/sbin/ntpd confined by '/usr/sbin/ntpd (enforce)'
4373 /usr/lib/postfix/master confined by '/usr/lib/postfix/master (enforce)'
4505 /usr/sbin/httpd2-prefork confined by '/usr/sbin/httpd2-prefork (enforce)'
5274 /sbin/dhcpcd not confined
5592 /usr/bin/ssh not confined
7146 /usr/sbin/cupsd confined by '/usr/sbin/cupsd (complain)'
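The following script is an added example, not part of the Novell manual and not the source of the unconfined tool; it reimplements the procedure the manual describes (run "netstat -nlp", collect the PIDs of listening programs, look up each program's AppArmor confinement) so you can see where the three columns of the sample output come from. It assumes the standard AppArmor interface in which /proc/<pid>/attr/current reads either "unconfined" or "<profile> (<mode>)", and it reads the program path from the /proc/<pid>/exe link. The function names, the PROCROOT parameter and the embedded netstat text are this example's own constructions.

```shell
#!/bin/sh
# Added example (not the manual's or the unconfined tool's own code): a minimal
# reimplementation of what the manual says unconfined does. Function names,
# the PROCROOT parameter and SAMPLE_NETSTAT are constructed for this example.

# Constructed sample of "netstat -nlp" output; the PIDs mirror the manual's
# listing, plus one line whose PID netstat hides ("-") when not run as root.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2325/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3702/sshd
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      7146/cupsd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           4040/ntpd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           5274/dhcpcd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      -'

# listening_pids NETSTAT_TEXT: print each listening PID once, numerically sorted.
# Lines whose last field is "-" (PID hidden because we are not root) are skipped.
listening_pids() {
    printf '%s\n' "$1" |
        awk '$NF ~ /^[0-9]+\// { split($NF, f, "/"); print f[1] }' |
        sort -un
}

# program_name PID NETSTAT_TEXT: the short name netstat printed for PID
# (fallback when the /proc/<pid>/exe link cannot be read).
program_name() {
    printf '%s\n' "$2" |
        awk -v p="$1" '$NF ~ ("^" p "/") { split($NF, f, "/"); print f[2]; exit }'
}

# confinement PID PROCROOT: "not confined" or "confined by '<label>'", taken
# from PROCROOT/PID/attr/current, which AppArmor fills with "unconfined" or
# "<profile> (<mode>)". A missing or unreadable label (no AppArmor in the
# kernel, or not running as root) is reported as not confined.
confinement() {
    label=$(cat "$2/$1/attr/current" 2>/dev/null || true)
    case "$label" in
        ''|unconfined) echo "not confined" ;;
        *)             echo "confined by '$label'" ;;
    esac
}

# report NETSTAT_TEXT PROCROOT: one line per listener, "<pid> <path> <status>",
# in the same shape as the manual's sample unconfined output.
report() {
    for pid in $(listening_pids "$1"); do
        exe=$(readlink "$2/$pid/exe" 2>/dev/null || true)
        [ -n "$exe" ] || exe=$(program_name "$pid" "$1")
        echo "$pid $exe $(confinement "$pid" "$2")"
    done
}

# Run against the live system when netstat is present. Run it as root so that
# every PID, every /proc/<pid>/exe link and every attr/current label is visible.
if command -v netstat >/dev/null 2>&1; then
    report "$(netstat -nlp 2>/dev/null)" /proc
fi
```

Run it as root: without root, netstat prints "-" instead of the PID for other users' listeners and /proc/<pid>/exe is unreadable, so a daemon can silently disappear from the report or show up under its short name only. The label in /proc/<pid>/attr/current is the same one ps -Z and aa-status consult, which is why a newly created profile is not reported until the daemon has been restarted: the label is assigned at exec time.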