On 08/27/2014 07:31 PM, intrigeri wrote:
> Hi,
>
> Jamie Strandboge wrote (27 Aug 2014 23:45:50 GMT) :
>> FYI, I did an archive grep on Ubuntu 14.10 this week and updated our list
>> here:
>> https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles
>
>> It is complete, but could be better organized (esp. with identifying the
>> profiles shipped in our apparmor-profiles package).
>
> Great, thanks! I'm curious how you did this archive grep, and whether
> it could be run automatically on a regular basis. May you please share
> the scripts (or, failing that, methodology) that you used?
>

I have a local debmirror for i386 and amd64. It could be automated if you had
access to a full mirror. I use the 'for-archive' tool from here:
http://bazaar.launchpad.net/~ubuntu-security/ubuntu-security-tools/trunk/files/head:/repo-tools
(see ../README, ./for-archive and ./for-archive-tools).

I used this:

$ . $HOME/.ubuntu-security-tools.conf
$ export GREP="egrep"
$ for comp in main universe multiverse; do $HOME/bin/for-archive $archive_mirror/dists/utopic/$comp/binary-i386/Packages.gz $archive_mirror $HOME/bin/for-archive-tools/unpack-list '/etc/apparmor.d/'; done | tee forarchive-aa.log

Alternatively, you can use Debian's codesearch, but it is pretty unwieldy:
http://codesearch.debian.net/search?q=%2Fetc%2Fapparmor.d

Ubuntu's gives incomplete results:
http://ubuntu-codesearch.surgut.co.uk/search?q=/etc/apparmor.d

To have results similar to codesearch, can do something like:

$ for comp in main universe multiverse; do ~/bin/for-archive $archive_mirror/dists/utopic/$comp/binary-i386/Packages.gz $archive_mirror ~/bin/for-archive-tools/unpack-search '/etc/apparmor.d/'; done | tee ~/forarchive-aa-full.log

Interestingly, when I looked at the Ubuntu codesearch, I saw mosquitto and it
looked like the for-archive tool missed it. However, when I grabbed the debs and
unpacked them I found none of them actually shipped the mosquitto profile that
the maintainer scripts were trying to manipulate. Funny :)

--
Jamie Strandboge
http://www.ubuntu.com/
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
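
Added example, not part of the original message or of ubuntu-security-tools: a check for the mismatch described at the end of the message, where maintainer scripts reference a profile under /etc/apparmor.d/ that the package does not ship. It assumes the file listing is `dpkg-deb -c` output and the maintainer scripts are available as text; the package name "exampled", the sample data and all function names are constructed.

```python
import re

# Profile paths as they appear in maintainer scripts; a bare directory
# reference ("/etc/apparmor.d/") does not match.
PROFILE_REF = re.compile(r"/etc/apparmor\.d/[A-Za-z0-9_.+/-]*[A-Za-z0-9_+-]")

def shipped_profiles(listing):
    """Files and symlinks under /etc/apparmor.d/ in `dpkg-deb -c` output."""
    shipped = set()
    for line in listing.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6 or fields[0][0] not in "-l":
            continue  # directories, blank or malformed lines
        path = "/" + fields[5].split(" -> ")[0].lstrip("./")
        if path.startswith("/etc/apparmor.d/"):
            shipped.add(path)
    return shipped

def referenced_profiles(scripts):
    """Profile paths named in maintainer scripts ({name: text}), comments skipped."""
    refs = set()
    for text in scripts.values():
        for line in text.splitlines():
            if not line.lstrip().startswith("#"):
                refs.update(PROFILE_REF.findall(line))
    # Assumption: local/ overrides are created at install time, not shipped.
    return {r for r in refs if not r.startswith("/etc/apparmor.d/local/")}

def unshipped_references(listing, scripts):
    """Profiles the maintainer scripts touch but the package does not contain."""
    return sorted(referenced_profiles(scripts) - shipped_profiles(listing))

# Constructed sample data for a hypothetical package "exampled".
LISTING = """\
drwxr-xr-x root/root         0 2014-08-01 12:00 ./usr/sbin/
-rwxr-xr-x root/root     14232 2014-08-01 12:00 ./usr/sbin/exampled
"""
POSTINST = """\
#!/bin/sh
# reload /etc/apparmor.d/ignored.comment
PROFILE="/etc/apparmor.d/usr.sbin.exampled"
[ -f "$PROFILE" ] && apparmor_parser -r "$PROFILE" || true
"""

if __name__ == "__main__":
    print(unshipped_references(LISTING, {"postinst": POSTINST}))
```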
