From aae472d9cfb2f42a861af8a886c28acd640da545 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Fri, 31 Oct 2025 10:24:31 -0400
Subject: [PATCH] Revert "Move apparmor-info, apparmor-watch to security-misc, enable systemd-journald audit transport"
This reverts commit d1e148eba72ff5a095e31842a70afec7f28c8724.
---
auto-generated-man-pages/apparmor-info.8 | 25 --------------
auto-generated-man-pages/apparmor-watch.8 | 13 --------
debian/rules | 5 ---
debian/security-misc-shared.install | 2 --
debian/security-misc-shared.postinst | 3 --
man/apparmor-info.8.ronn | 34 -------------------
man/apparmor-watch.8.ronn | 23 -------------
usr/sbin/apparmor-info#security-misc-shared | 35 --------------------
usr/sbin/apparmor-watch#security-misc-shared | 24 --------------
9 files changed, 164 deletions(-)
delete mode 100644 auto-generated-man-pages/apparmor-info.8
delete mode 100644 auto-generated-man-pages/apparmor-watch.8
delete mode 100644 man/apparmor-info.8.ronn
delete mode 100644 man/apparmor-watch.8.ronn
delete mode 100755 usr/sbin/apparmor-info#security-misc-shared
delete mode 100755 usr/sbin/apparmor-watch#security-misc-shared
diff --git a/auto-generated-man-pages/apparmor-info.8 b/auto-generated-man-pages/apparmor-info.8
deleted file mode 100644
index 6f41a72..0000000
--- a/auto-generated-man-pages/apparmor-info.8
+++ /dev/null
@@ -1,25 +0,0 @@ -.\" generated with Ronn-NG/v0.10.1 -.\" http://github.com/apjanke/ronn-ng/tree/0.10.1 -.TH "APPARMOR\-INFO" "8" "January 2020" "security-misc" "security-misc Manual" -.SH "NAME" -\fBapparmor\-info\fR \- Shows AppArmor DENIED Log Messages -.SH "SYNOPSIS" -\fBapparmor\-info\fR -.SH "DESCRIPTION" -Shows AppArmor DENIED log messages\. -.P -If there are no DENIED log messages, outputs nothing\. -.SH "RETURN VALUES" -.IP "\(bu" 4 -\fB0\fR No DENIED messages found, OK\. -.IP "\(bu" 4 -\fB1\fR DENIED messages found\. -.IP "" 0 -.SH "EXAMPLE" -\fBsudo apparmor\-info ; echo $?\fR -.P -\fB0\fR -.P -No output from \fBapparmor\-info\fR with exit code \fB0\fR\. Meaning, no \fBDENIED\fR messages found, OK\. -.SH "AUTHOR" -This man page has been written by Patrick Schleizer (adrelanos@whonix\.org)\. diff --git a/auto-generated-man-pages/apparmor-watch.8 b/auto-generated-man-pages/apparmor-watch.8 deleted file mode 100644 index 4793d83..0000000 --- a/auto-generated-man-pages/apparmor-watch.8 +++ /dev/null @@ -1,13 +0,0 @@ -.\" generated with Ronn-NG/v0.10.1 -.\" http://github.com/apjanke/ronn-ng/tree/0.10.1 -.TH "APPARMOR\-WATCH" "8" "January 2020" "security-misc" "security-misc Manual" -.SH "NAME" -\fBapparmor\-watch\fR \- Watch AppArmor DENIED and ALLOWED Log Messages -.SH "SYNOPSIS" -\fBapparmor\-watch\fR -.SH "DESCRIPTION" -Watches for AppArmor \fBDENIED\fR and \fBALLOWED\fR log messages\. -.SH "EXAMPLE" -\fBsudo apparmor\-watch\fR -.SH "AUTHOR" -This man page has been written by Patrick Schleizer (adrelanos@whonix\.org)\. diff --git a/debian/rules b/debian/rules index e6e5437..ca5e85c 100755 --- a/debian/rules +++ b/debian/rules 
@@ -8,10 +8,5 @@ %: dh $@ --with=config-package -override_dh_installman: - mkdir --parents -- debian/security-misc-shared/usr/share/man/man8 - gzip -c -9 -- auto-generated-man-pages/apparmor-info.8 > debian/security-misc-shared/usr/share/man/man8/apparmor-info.8.gz - gzip -c -9 -- auto-generated-man-pages/apparmor-watch.8 > debian/security-misc-shared/usr/share/man/man8/apparmor-watch.8.gz - override_dh_installchangelogs: dh_installchangelogs changelog.upstream upstream diff --git a/debian/security-misc-shared.install b/debian/security-misc-shared.install index ca05454..2917ffd 100755 --- a/debian/security-misc-shared.install +++ b/debian/security-misc-shared.install @@ -118,8 +118,6 @@ usr/lib/sysctl.d/30_silent-kernel-printk.conf#security-misc-shared => /usr/lib/s usr/lib/sysctl.d/990-security-misc.conf#security-misc-shared => /usr/lib/sysctl.d/990-security-misc.conf usr/lib/sysctl.d/30_security-misc_kexec-disable.conf#security-misc-shared => /usr/lib/sysctl.d/30_security-misc_kexec-disable.conf usr/lib/sysctl.d/30_security-misc_ptrace-disable.conf#security-misc-shared => /usr/lib/sysctl.d/30_security-misc_ptrace-disable.conf -usr/sbin/apparmor-info#security-misc-shared => /usr/sbin/apparmor-info -usr/sbin/apparmor-watch#security-misc-shared => /usr/sbin/apparmor-watch usr/share/glib-2.0/schemas/30_security-misc.gschema.override#security-misc-shared => /usr/share/glib-2.0/schemas/30_security-misc.gschema.override usr/share/doc/security-misc/fstab-vm#security-misc-shared => /usr/share/doc/security-misc/fstab-vm usr/share/pam-configs/faillock-preauth-security-misc#security-misc-shared => /usr/share/pam-configs/faillock-preauth-security-misc diff --git a/debian/security-misc-shared.postinst b/debian/security-misc-shared.postinst index fafd93f..f77f39a 100644 --- a/debian/security-misc-shared.postinst +++ b/debian/security-misc-shared.postinst 
@@ -103,9 +103,6 @@ case "$1" in chmod 0600 "${usbguard_config_file}" fi done - - ## Enable systemd-journald audit transport - deb-systemd-helper enable systemd-journald-audit.socket ;; abort-upgrade|abort-remove|abort-deconfigure) diff --git a/man/apparmor-info.8.ronn b/man/apparmor-info.8.ronn deleted file mode 100644 index bb724ac..0000000 --- a/man/apparmor-info.8.ronn +++ /dev/null @@ -1,34 +0,0 @@ -apparmor-info(8) -- Shows AppArmor DENIED Log Messages -============================================= - - - -## SYNOPSIS - -`apparmor-info` - -## DESCRIPTION - -Shows AppArmor DENIED log messages. - -If there are no DENIED log messages, outputs nothing. - -## RETURN VALUES -* `0` No DENIED messages found, OK. -* `1` DENIED messages found. - -## EXAMPLE - -`sudo apparmor-info ; echo $?` - -`0` - -No output from `apparmor-info` with exit code `0`. -Meaning, no `DENIED` messages found, OK. - -## AUTHOR - -This man page has been written by Patrick Schleizer (adrelanos@whonix.org). diff --git a/man/apparmor-watch.8.ronn b/man/apparmor-watch.8.ronn deleted file mode 100644 index 9ba3cc2..0000000 --- a/man/apparmor-watch.8.ronn +++ /dev/null @@ -1,23 +0,0 @@ -apparmor-watch(8) -- Watch AppArmor DENIED and ALLOWED Log Messages -============================================= - - - -## SYNOPSIS - -`apparmor-watch` - -## DESCRIPTION - -Watches for AppArmor `DENIED` and `ALLOWED` log messages. - -## EXAMPLE - -`sudo apparmor-watch` - -## AUTHOR - -This man page has been written by Patrick Schleizer (adrelanos@whonix.org). diff --git a/usr/sbin/apparmor-info#security-misc-shared b/usr/sbin/apparmor-info#security-misc-shared deleted file mode 100755 index 3a3dd1a..0000000 --- a/usr/sbin/apparmor-info#security-misc-shared +++ /dev/null 
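Review bot: Dropping `deb-systemd-helper enable systemd-journald-audit.socket` from debian/security-misc-shared.postinst does not undo it on hosts that already ran the reverted version, so upgraded systems would presumably keep the journald audit transport enabled while fresh installs would not. If that split is intended, for instance because whichever package now ships apparmor-info and apparmor-watch relies on `journalctl _TRANSPORT=audit`, a comment at this spot would record it, e.g. `## systemd-journald-audit.socket may remain enabled from an earlier version; deliberately left untouched.` If it is not intended, a version-guarded cleanup on upgrade would be needed, and nothing in this hunk shows one. The enclosing case branch starts and ends outside the hunk.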
@@ -1,35 +0,0 @@
-#!/bin/bash
-
-## Copyright (C) 2020 - 2025 ENCRYPTED SUPPORT LLC
-## See the file COPYING for copying conditions.
-
-## https://forums.whonix.org/t/full-system-apparmor-policy-testers-wanted/10381/22
-
-## Not using sudo hardcoded below.
-## https://forums.whonix.org/t/full-system-apparmor-policy-testers-wanted/10381/29
-if [ "$(id -u)" != "0" ]; then
- echo "ERROR: Must run as root." >&2
- echo "sudo $0" >&2
- exit 112
-fi
-
-## Default.
-exit_code=0
-
-## Parses AppArmor denial logs to hide unnecessary information and remove duplicates.
-
-output_denied="$(journalctl _TRANSPORT=audit --output cat "${@}" | grep "DENIED" | sed -e 's/pid=.* comm/comm/g' | sed -e 's/ fsuid.*//g' | awk '!x[$0]++')"
-
-if [ ! "$output_denied" = "" ]; then
- exit_code=1
- echo "$output_denied"
-fi
-
-output_allowed="$(journalctl _TRANSPORT=audit --output cat "${@}" | grep "ALLOWED" | sed -e 's/pid=.* comm/comm/g' | sed -e 's/ fsuid.*//g' | awk '!x[$0]++')"
-
-if [ ! "$output_allowed" = "" ]; then
- exit_code=1
- echo "$output_allowed"
-fi
-
-exit "$exit_code"
diff --git a/usr/sbin/apparmor-watch#security-misc-shared b/usr/sbin/apparmor-watch#security-misc-shared
deleted file mode 100755
index 9764120..0000000
--- a/usr/sbin/apparmor-watch#security-misc-shared
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-
-## Copyright (C) 2020 - 2025 ENCRYPTED SUPPORT LLC
-## See the file COPYING for copying conditions.
-
-## https://forums.whonix.org/t/full-system-apparmor-policy-testers-wanted/10381/22
-
-## Not using sudo hardcoded below.
-## https://forums.whonix.org/t/full-system-apparmor-policy-testers-wanted/10381/29
-if [ "$(id -u)" != "0" ]; then
- echo "ERROR: Must run as root." >&2
- echo "sudo $0" >&2
- exit 112
-fi
-
-while read -r -d $'\n' line; do
- line=$(echo "$line" | grep "ALLOWED\|DENIED")
- line=$(echo "$line" | sed -e 's/pid=.* comm/comm/g')
- line=$(echo "$line" | sed -e 's/ fsuid.*//g')
- if [ "$line" = "" ]; then
- continue
- fi
- echo "$line"
-done < <( journalctl _TRANSPORT=audit --follow --lines=0 --output cat "${@}" )