Immunizing Network Applications - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual


20.4 Immunizing Network Applications

An automated method for finding network server daemons that should be profiled is to use the aa-unconfined tool. You can also simply view a report of this information in the YaST module (refer to Section "Application Audit Report" (page 299) for instructions).

The aa-unconfined tool uses the command netstat -nlp to inspect your open ports from inside your computer, detect the programs associated with those ports, and inspect the set of Novell AppArmor profiles that you have loaded. aa-unconfined then reports these programs along with the Novell AppArmor profile associated with each program or reports "none" if the program is not confined.

NOTE

If you create a new profile, you must restart the program that has been profiled to have it be effectively confined by AppArmor.

Below is a sample aa-unconfined output:

  2325 /sbin/portmap not confined
  3702 /usr/sbin/sshd confined by '/usr/sbin/sshd (enforce)'
  4040 /usr/sbin/ntpd confined by '/usr/sbin/ntpd (enforce)'
  4373 /usr/lib/postfix/master confined by '/usr/lib/postfix/master (enforce)'
  4505 /usr/sbin/httpd2-prefork confined by '/usr/sbin/httpd2-prefork (enforce)'
  5274 /sbin/dhcpcd not confined
  5592 /usr/bin/ssh not confined
  7146 /usr/sbin/cupsd confined by '/usr/sbin/cupsd (complain)'

The first portion is a number. This number is the process ID number (PID) of the listening program.

The second portion is a string that represents the absolute path of the listening program.

The final portion indicates the profile confining the program, if any.
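To make the three-column report concrete, the following Python script is an added illustration of the logic the section describes; it is not the aa-unconfined script that ships with AppArmor. It parses the trailing "PID/Program name" column of netstat -nlp, deduplicates daemons that listen on several sockets, resolves each PID to its binary through the /proc/PID/exe symlink, and reads the process's AppArmor label from /proc/PID/attr/current (assumed to contain either "unconfined" or "<profile> (<mode>)"). The netstat text and the two lookup tables are constructed sample data, so the script runs offline; pass nothing but the netstat text to unconfined_report() to read the live /proc filesystem instead.

```python
import os
import re
from typing import Callable, List

# Matches the trailing "PID/Program name" column of `netstat -nlp`,
# e.g. "3702/sshd". netstat prints "-" there when the PID is not visible
# (for example when run without root), which this regex deliberately skips.
_PID_COLUMN = re.compile(r"(\d+)/(\S+)\s*$")


def listening_pids(netstat_output: str) -> List[int]:
    """Return the unique PIDs owning listening sockets, in order of appearance.

    A daemon listening on several sockets (IPv4 and IPv6, or several ports)
    is reported once, as the one-line-per-program report requires.
    """
    pids: List[int] = []
    for line in netstat_output.splitlines():
        match = _PID_COLUMN.search(line)
        if match:
            pid = int(match.group(1))
            if pid not in pids:
                pids.append(pid)
    return pids


def proc_exe_path(pid: int) -> str:
    """Absolute path of the running binary, via the /proc/PID/exe symlink."""
    return os.readlink(f"/proc/{pid}/exe")


def proc_confinement(pid: int) -> str:
    """Current AppArmor label of a process, read from /proc/PID/attr/current.

    Assumption: the file holds either "unconfined" or "<profile> (<mode>)",
    e.g. "/usr/sbin/ntpd (enforce)".
    """
    with open(f"/proc/{pid}/attr/current") as fh:
        return fh.read().strip()


def describe_confinement(label: str) -> str:
    """Map a raw label to the wording used in the report's third column."""
    if label in ("", "unconfined"):
        return "not confined"
    return f"confined by '{label}'"


def unconfined_report(
    netstat_output: str,
    exe_path: Callable[[int], str] = proc_exe_path,
    confinement: Callable[[int], str] = proc_confinement,
) -> List[str]:
    """Build one "<pid> <path> <confinement>" line per listening program.

    The two lookups are injectable so the logic can be exercised against
    constructed data; the defaults read the live /proc filesystem.
    """
    report: List[str] = []
    for pid in listening_pids(netstat_output):
        try:
            path = exe_path(pid)
            label = confinement(pid)
        except OSError:
            # The process exited between netstat and our lookup, or /proc is
            # not readable for it; skip the entry rather than misreport it.
            continue
        report.append(f"{pid} {path} {describe_confinement(label)}")
    return report


def needs_profile(report: List[str]) -> List[str]:
    """Filter the report down to the listeners that still lack a profile."""
    return [line for line in report if line.endswith("not confined")]


# --- Constructed sample data (not captured from a real system) ---------------
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2325/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3702/sshd
tcp        0      0 :::22                   :::*                    LISTEN      3702/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      7146/cupsd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           4040/ntpd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -
"""

# Stand-ins for /proc/PID/exe and /proc/PID/attr/current on that sample host.
SAMPLE_EXE = {2325: "/sbin/portmap", 3702: "/usr/sbin/sshd",
              7146: "/usr/sbin/cupsd", 4040: "/usr/sbin/ntpd"}
SAMPLE_ATTR = {2325: "unconfined", 3702: "/usr/sbin/sshd (enforce)",
               7146: "/usr/sbin/cupsd (complain)", 4040: "/usr/sbin/ntpd (enforce)"}


def sample_report() -> List[str]:
    """Run the report against the constructed sample instead of live /proc."""
    return unconfined_report(SAMPLE_NETSTAT, SAMPLE_EXE.__getitem__, SAMPLE_ATTR.__getitem__)


if __name__ == "__main__":
    for line in sample_report():
        print(line)
    print("Listeners without a profile:", needs_profile(sample_report()))
```

The "-" entry for the DHCP client socket shows why the real tool is run as root: without permission to see the owning PID, netstat cannot attribute the port, and the program silently drops out of the report. Treat a missing attribution as a gap to investigate, not as proof that nothing is listening.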
