[ubuntu-hardened] [Q] AppArmor profile for a rsyslog logging daemon.
jamie at canonical.com
Mon Oct 19 19:43:36 UTC 2015
On 10/18/2015 12:38 PM, Daniel Curtis wrote:
> I would like to aks only about a default profile for a reliable
> system and kernel logging daemon, called rsyslog. I mean
> a default profile, which can be found, for example, in the
> /etc/apparmor.d/disable/usr.sbin.rsyslog file. (Ubuntu 12.04
> What about security of this profile? It is written well or there
> is many aspects to fix and that is the reason why this profile
> is disabled (by default)?
> So, can I put rsyslog in an enforce state or it is a bad idea? If
> it will be needed, I can paste profile here (in my next e-mail).
The profile is fine as is and should work well for standard installs. The only
reason why it is disabled is because logging is highly configurable and the
profile is not guaranteed to work in all common situations.
If you have the apparmor-utils package installed, you can do:
$ sudo aa-enforce /etc/apparmor.d/usr.sbin.rsyslog
Otherwise, you can do:
$ sudo rm -f /etc/apparmor.d/disable/usr.sbin.rsyslog
$ sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.rsyslog
Hope this helps
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the ubuntu-hardened