A couple of days ago, I created an AppArmor profile for ArpON 3 (ng)
application. As we know, ArpON is a solution that make the ARP
protocol secure and help to avoid - for example - the Man In The
Middle (MITM) attack, the ARP spoofing, ARP cache poisoning or ARP
poison routing attack etc.

So, I used aa-genprof(8) utility to create a base profile and restart
ArpON to make some tests etc. Next, to scan the log files I used
aa-logprof(8) program. It gives a suggestions for modifying the
profile and asks which execution mode should be used etc. Profile is
pretty short, but there is something that is confusing me.

I would like ask a question about some of the network rules suggested
by aa-logprof(8). AppArmor supports simple coarse grained network
mediation and the network rule can restrict all socket(2) based
operations, right? So, here it is:

  network bluetooth raw,
  network inet dgram,
  network netlink raw,
  network packet dgram,
  network packet raw,

These are the rules suggested by aa-logprof(8) program. But, looking
on the ArpON profile and how its works, I wonder if 'network bluetooth
raw,' rule is needed. Does bluetooth have something to do with ArpON
in general? Anyway, maybe it's normall and everything is OK?

One more thing: log files contains something like this one. Is it
normall, should I add a rule to the profile?

‚óŹ apparmor="ALLOWED" operation="open" profile="/usr/sbin/arpon"
name="/sys/bus/usb/devices/" pid=3131 comm="arpon" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0

If it's about log entries: in some cases 'requested_mask' and
'denied_mask' have "send", "create", "receive", "getopt", "setopt",
"getattr" values etc. 'family' are "netlink" (mostly), "inet",
"packet" (mostly) and 'sock_type': "raw", "dgram" and so on. If it's
about 'operation' option, there are many different values: "create",
"bind", "getsockname", "setsockopt", "sendmsg", "recvmsg", "file_mmap"

I apologize for such a bad description, but - for now - I would like
to know something about bluetooth and USB (see above). If it will be
necessary, I will paste some log entries with above values.

Thanks, best regards.

AppArmor mailing list
Modify settings or unsubscribe at: 

Reply via email to