Important Filenames And Directories - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual

IMPORTANT: Running Unconfined
Choosing ux is very dangerous and provides no enforcement of policy from a
security perspective of resulting execution behavior of the child program.
aa-unconfined—Identifying Unprotected Processes
The aa-unconfined command examines open network ports on your system,
compares that to the set of profiles loaded on your system, and reports network services
that do not have AppArmor profiles. It requires root privileges and that it not be
confined by an AppArmor profile.
aa-unconfined must be run as root to retrieve the process executable link from the
/proc file system. This program is susceptible to the following race conditions:
• An unlinked executable is mishandled
• A process that dies between netstat(8) and further checks is mishandled
NOTE
This program lists processes using TCP and UDP only. In short, this program is
unsuitable for forensics use and is provided only as an aid to profiling all net-
work-accessible processes in the lab.
24.7 Important Filenames and
The following list contains the most important files and directories used by the App-
Armor framework. If you intend to manage and troubleshoot your profiles manually,
make sure that you know about these files and directories:
/sys/kernel/security/apparmor/profiles
Virtualized file representing the currently loaded set of profiles.
272 Security Guide
Directories