/srv/irclogs.ubuntu.com/2023/06/14/#ubuntu-security.txt

=== ebarretto_ is now known as ebarretto
=== ebarretto_ is now known as 074AAA7KQ
=== 074AAA7KQ is now known as ebarretto
=== kajiya_ is now known as kajiya
=== chris14_ is now known as chris14
=== JanC_ is now known as JanC
Guest66	I would like to know more about apparmor. For example, when considering server hardening, should apparmor left alone (ie. at defaults) or should applications be actively managed , or should applications unknown to apparmor be actively managed by creating profiles for them? Is there a list of profiles contained in the apparmor-profiles package	13:54
Guest66	(which is not installed by default) somewhere?	13:54
rbasak	Guest66: https://packages.ubuntu.com/jammy/all/apparmor-profiles/filelist	14:19
rbasak	You might find the output of "sudo aa-status" helpful. Compare that with the services you run.	14:20
sdeziel	`ps fauxZ` is also handy to ID which profiles cover which processes	14:22
rbasak	Nice!	14:22
Guest66	thanks. I see that aa-status reports the currently loaded profiles which is handy. It doesn't tell me what's in that apparmor-profiles package though.	14:42
Guest66	ps fauxZ - not seem that one before. It shows a list of everything unconfined. Also useful. I guess between the two one can determine whether an app is managed by apparmor or not.	14:44
Guest66	I like that is also shows which user owns the running process. Thnx	14:47
Guest66	actually ps -ef does that as well...	14:48
Guest66	ios the an apparmor specific project, or irc channel?	14:55
JanC	Guest66: there is #apparmor on OFTC	14:59
Guest66	thanks	15:03
Guest66	I guess that's why I didn't find that channel on Libera :-)	15:06
=== JanC_ is now known as JanC
=== sdeziel_ is now known as sdeziel
=== JanC is now known as Guest340
=== JanC_ is now known as JanC
=== Serge is now known as hallyn

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!