[apparmor] [patch] sshd profile patch
John Johansen
john.johansen at canonical.com
Fri Aug 12 21:13:06 UTC 2011
On 08/12/2011 01:07 PM, Christian Boltz wrote:
> Hello,
>
> Am Montag, 8. August 2011 schrieb Christian Boltz:
>> @Jeff: can you please comment on the sshd profile?
>>
>> Am Montag, 8. August 2011 schrieb Steve Beattie:
>>> On Sat, Aug 06, 2011 at 02:30:52PM +0200, Christian Boltz wrote:
>
>>>> From: Jeff Mahoney<jeffm at suse.com>
>>>> Subject: Fix for sshd profile
>>>> References: bnc#457072
>
>>>> --- a/profiles/apparmor/profiles/extras/usr.sbin.sshd
>>>> +++ b/profiles/apparmor/profiles/extras/usr.sbin.sshd
>>>>
>>>> + capability audit_control,
>>>
>>> I really, really dislike allowing audit_control. Basically, a
>>> confined process with it can turn off audit logging by auditd/the
>>> audit subsystem or manipulate it in such away as to hide audit
>>> events. Does sshd really fail to start if audit_control is
>>> disallowed? I'd honestly rather see a deny rule here.
>>
>> Jeff?
>
> I just tested this myself on openSUSE 11.4:
>
> With "deny capability audit_control":
>
> # ssh localhost
> Last login: Fri Aug 12 18:30:30 2011 from console
> Have a lot of fun...
> Connection to localhost closed.
> #
>
> In other words: I'm instantly logged out - that makes ssh quite secure,
> but useless ;-)
>
> When allowing audit_control, login works - which means it is really
> needed.
>
okay, thanks for testing. Since we don't have a choice we can live with
this for now, and revisit in it 3.0 when we should have some better
audit controls.
More information about the AppArmor
mailing list