[13:54] <Guest66> I would like to know more about apparmor. For example, when considering server hardening, should apparmor left alone (ie. at defaults) or should applications be actively managed , or should applications unknown to apparmor be actively managed by creating profiles for them? Is there a list of profiles contained in the apparmor-profiles package
[13:54] <Guest66> (which is not installed by default) somewhere?
[14:19] <rbasak> Guest66: https://packages.ubuntu.com/jammy/all/apparmor-profiles/filelist
[14:20] <rbasak> You might find the output of "sudo aa-status" helpful. Compare that with the services you run.
[14:22] <sdeziel> `ps fauxZ` is also handy to ID which profiles cover which processes
[14:22] <rbasak> Nice!
[14:42] <Guest66> thanks. I see that aa-status reports the currently loaded profiles which is handy. It doesn't tell me what's in that apparmor-profiles package though.
[14:44] <Guest66> ps fauxZ - not seem that one before. It shows a list of everything unconfined. Also useful. I guess between the two one can determine whether an app is managed by apparmor or not.
[14:47] <Guest66> I like that is also shows which user owns the running process. Thnx
[14:48] <Guest66> actually ps -ef does that as well...
[14:55] <Guest66> ios the an apparmor specific project, or irc channel?
[14:59] <JanC> Guest66: there is #apparmor on OFTC
[15:03] <Guest66> thanks
[15:06] <Guest66> I guess that's why I didn't find that channel on Libera :-)