/srv/irclogs.ubuntu.com/2023/01/10/#ubuntu-security.txt

[18:04] <ahasenack_> sdeziel: hi, I am looking at enabling apparmor by default on rsyslog, and saw your name in a changelog entry regarding that profile
[18:04] <ahasenack_> do you use rsyslog with apparmor in enforcing mode?
=== ahasenack_ is now known as ahasenack
[18:07] <sdeziel> ahasenack: yes and I've been doing so since 16.04 IIRC
[18:07] <ahasenack> let's flip the switch then
[18:08] <sdeziel> awesome!
[18:08] <ahasenack> I'll do some checking in lunar
[18:08] <ahasenack> sdeziel: do you use remote logging?
[18:08] <ahasenack> or any "interesting" target for the logs?
[18:08] <sdeziel> ahasenack: yes, I have it in enforcing on clients streaming to an aggregator
[18:08] <ahasenack> tl?
[18:08] <ahasenack> tls?
[18:09] <sdeziel> the aggregator listens on UDP/514 for now, TLS is something I have yet to get to
[18:09] <ahasenack> iirc it uses gnutls, and the apparmor profile would have to allow reading the tls bits like /etc/gnutls/config and others
[18:09] <ahasenack> something I will check
[20:33] <ahasenack> is there a better way to find out where an apparmor rule is that is allowing access to a certain file?
[20:33] <ahasenack> I checked the profile, and its includes, and can't find what is allowing /etc/ssl/certs/ca-certificates.crt
[20:33] <ahasenack> which I'm glad it is, because I need it, but I can't find the rule
[20:33] <ahasenack> it's the rsyslogd profile
[20:34] <ahasenack> it has an include for an openssl abstraction, but it's commented
[20:34] <ahasenack>   ##include <abstractions/openssl>
[20:34] <ahasenack> abstractions/base includes abstractions/crypto, but I didn't see a rule for that in the crypto abstraction
[20:34] <sdeziel> ahasenack: `apparmor_parser -p /etc/apparmor.d/usr.sbin.rsyslogd`
[20:35] <sdeziel> this will show you the preprocessed/aggregated full ruleset
[20:35] <ahasenack> nice
[20:36] <ahasenack> ok, I see abstractions/ssl_certs was included by something
[20:38] <ahasenack> ok, got it
[20:38] <ahasenack> rsyslog -> nameservice -> ldapclient -> ssl_certs
