[ubuntu-hardened] [Q] AppArmor profile for a rsyslog logging daemon.

Jamie Strandboge jamie at canonical.com
Mon Oct 19 19:43:36 UTC 2015

On 10/18/2015 12:38 PM, Daniel Curtis wrote:
> Hello
> I would like to aks only about a default profile for a reliable
> system and kernel logging daemon, called rsyslog. I mean
> a default profile, which can be found, for example, in the
> /etc/apparmor.d/disable/usr.sbin.rsyslog file. (Ubuntu 12.04
> LTS).
> What about security of this profile? It is written well or there
> is many aspects to fix and that is the reason why this profile
> is disabled (by default)?
> So, can I put rsyslog in an enforce state or it is a bad idea? If
> it will be needed, I can paste profile here (in my next e-mail).
The profile is fine as is and should work well for standard installs. The only
reason why it is disabled is because logging is highly configurable and the
profile is not guaranteed to work in all common situations.

If you have the apparmor-utils package installed, you can do:
$ sudo aa-enforce /etc/apparmor.d/usr.sbin.rsyslog

Otherwise, you can do:
$ sudo rm -f /etc/apparmor.d/disable/usr.sbin.rsyslog
$ sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.rsyslog

Hope this helps

Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20151019/7729ae24/attachment.pgp>

More information about the ubuntu-hardened mailing list