[apparmor] [profile] netstat(8): plenty of DENIED messages; repeated "target=*" value.
Seth Arnold
seth.arnold at canonical.com
Fri Jan 13 02:29:01 UTC 2017
Hi Daniel,
On Wed, Jan 11, 2017 at 07:09:14PM +0100, daniel curtis wrote:
> Hello
> owner @{PROC}/*/net/tcp6 r,
> owner @{PROC}/*/net/udp6 r,
> owner @{PROC}/*/net/raw6 r,
> As we can see these DENIED entries are related to rules, which I've removed
> previously. So: are they needed or not? (I'm not using the IPv6 protocol.) Have
> Do I have to restore these rules? Or maybe it's just an effect of a chkrootkit
> and I don't need to use rules related to IPv6 proto?
>
> What is your opinion on this one? I'm sorry for such naive questions.
This one is interesting:
On the one hand, you're not using ipv6, so you could just add 'deny' rules
for these and silence them from your logs. So long as netstat handles
errors on these quietly, that's fine.
On the other hand, if something DID start using ipv6 without you knowing
about it, adding those deny rules would make it much more difficult for
you to discover that they are being used.
I suggest adding the rules to allow these file accesses. That way your
tools won't intentionally lie to you about the state of your system.
Thanks
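As an added example (not code from this thread or from the AppArmor project), the script below turns apparmor="DENIED" audit records into the two kinds of rule Seth weighs up: plain allow rules, or deny rules that silence the log. The log lines are constructed to look like the kernel records behind the rules Daniel quoted; the pid is generalised to @{PROC}/* and the owner qualifier is only emitted when fsuid equals ouid in every record for that path, a simplified form of the heuristic aa-logprof applies. One constructed record deliberately has ouid=0 to show why an owner rule can stay DENIED after you add it.

```python
"""Turn AppArmor DENIED audit records into candidate profile rules.

Added example; not part of the mailing-list thread or the AppArmor tools.
SAMPLE_LOG is constructed to resemble real kernel audit records for the
netstat(8) profile discussed in the thread.
"""
import re

SAMPLE_LOG = """\
type=AVC msg=audit(1484276941.123:456): apparmor="DENIED" operation="open" profile="/bin/netstat" name="/proc/2714/net/tcp6" pid=2714 comm="netstat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1484276941.124:457): apparmor="DENIED" operation="open" profile="/bin/netstat" name="/proc/2714/net/udp6" pid=2714 comm="netstat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1484276941.125:458): apparmor="DENIED" operation="open" profile="/bin/netstat" name="/proc/2714/net/raw6" pid=2714 comm="netstat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1484276941.126:459): apparmor="DENIED" operation="open" profile="/bin/netstat" name="/proc/2714/net/tcp6" pid=2714 comm="netstat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1484276941.127:460): apparmor="DENIED" operation="open" profile="/bin/netstat" name="/proc/1/net/tcp6" pid=2714 comm="netstat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

# key=value pairs; values are either "quoted" or a bare token
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# leading /proc/<pid>/ component of a path
PROC_PID_RE = re.compile(r'^/proc/\d+/')
# canonical order for file permission letters in a rule
PERM_ORDER = 'rwalkm'

# rule prefix per action; 'deny' is silent, 'audit deny' still denies but logs
PREFIX = {'allow': '', 'deny': 'deny ', 'audit deny': 'audit deny '}


def parse_denials(text):
    """Yield one dict of fields per record whose apparmor field is DENIED."""
    for line in text.splitlines():
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        if fields.get('apparmor') == 'DENIED':
            yield fields


def generalise_path(path):
    """Rewrite /proc/<pid>/... into the profile-variable form @{PROC}/*/..."""
    return PROC_PID_RE.sub('@{PROC}/*/', path)


def candidate_rules(text, action='allow'):
    """Return de-duplicated profile rules, sorted by path.

    'owner' is only emitted when every observed access to that path had
    fsuid == ouid; one mismatch (e.g. reading another user's /proc entry)
    drops the qualifier, otherwise the new rule would still not match.
    """
    prefix = PREFIX[action]
    seen = {}
    for rec in parse_denials(text):
        path = generalise_path(rec['name'])
        entry = seen.setdefault(path, {'owner': True, 'mask': set()})
        entry['owner'] = entry['owner'] and rec.get('fsuid') == rec.get('ouid')
        entry['mask'].update(rec.get('denied_mask') or rec.get('requested_mask', ''))
    rules = []
    for path in sorted(seen):
        entry = seen[path]
        mask = ''.join(c for c in PERM_ORDER if c in entry['mask'])
        owner = 'owner ' if entry['owner'] else ''
        rules.append(f'{prefix}{owner}{path} {mask},')
    return rules


if __name__ == '__main__':
    for action in ('allow', 'deny', 'audit deny'):
        print(f'# {action} variant')
        for rule in candidate_rules(SAMPLE_LOG, action):
            print(f'  {rule}')
```

Run against a real box with `journalctl -k | grep DENIED` (or the audit log, where auditd is running) as input in place of SAMPLE_LOG. The output is only a starting point: review each path before pasting it into the profile, since the script does not know which denials matter to the program's correctness.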