Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-26 00:18:24 -05:00
Code Issues Projects Releases Packages Wiki Activity

Move apparmor-info, apparmor-watch to security-misc, enable systemd-journald audit transport

Browse source
This commit is contained in:
Aaron Rainbolt 2025-10-30 23:05:19 -05:00
parent b168c37e84
commit d1e148eba7
No known key found for this signature in database
GPG key ID: A709160D73C79109
9 changed files with 164 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

35
usr/sbin/apparmor-info#security-misc-shared Executable file
View file

@ -0,0 +1,35 @@
#!/bin/bash
## Copyright (C) 2020 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## https://forums.whonix.org/t/full-system-apparmor-policy-testers-wanted/10381/22
## Not using sudo hardcoded below.
## https://forums.whonix.org/t/full-system-apparmor-policy-testers-wanted/10381/29
if [ "$(id -u)" != "0" ]; then
echo "ERROR: Must run as root." >&2
echo "sudo $0" >&2
exit 112
fi
## Default.
exit_code=0
## Parses AppArmor denial logs to hide unnecessary information and remove duplicates.
output_denied="$(journalctl _TRANSPORT=audit --output cat "${@}" | grep "DENIED" | sed -e 's/pid=.* comm/comm/g' | sed -e 's/ fsuid.*//g' | awk '!x[$0]++')"
if [ ! "$output_denied" = "" ]; then
exit_code=1
echo "$output_denied"
fi
output_allowed="$(journalctl _TRANSPORT=audit --output cat "${@}" | grep "ALLOWED" | sed -e 's/pid=.* comm/comm/g' | sed -e 's/ fsuid.*//g' | awk '!x[$0]++')"
if [ ! "$output_allowed" = "" ]; then
exit_code=1
echo "$output_allowed"
fi
exit "$exit_code"