[apparmor] sshd and hats
John Johansen
john.johansen at canonical.com
Mon Sep 28 00:00:27 UTC 2015
On 09/27/2015 01:32 PM, Simon Deziel wrote:
> Hi *,
>
> I found an old profile for sshd [1] and made it work on Ubuntu Trusty.
> Now, everything from the primary/main profile [2] works fine so I'd like
> to make use of hats.
>
> ldd /usr/sbin/sshd | grep apparmor
> # gives nothing...
>
> So I'm wondering if the OpenSSH version shipped by Ubuntu is "hat"
> aware? Any pointers would be greatly appreciated as I'm eager to use
> those hats!
>
It is not, however it should be possible to use the pam_apparmor plugin
to achieve confinement of ssh logins
http://wiki.apparmor.net/index.php/Pam_apparmor
> Thanks in advance,
> Simon
>
> 1:
> https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/wily/apparmor/wily/view/head:/profiles/apparmor/profiles/extras/usr.sbin.sshd
> 2:
> https://github.com/simondeziel/aa-profiles/blob/master/14.04/usr.sbin.sshd
>
More information about the AppArmor
mailing list