Hello. A couple of days ago, I created an AppArmor profile for the ArpON 3 (ng) application. As we know, ArpON is a solution that makes the ARP protocol secure and helps to avoid - for example - the Man In The Middle (MITM) attack, ARP spoofing, ARP cache poisoning or ARP poison routing attacks etc.
So, I used the aa-genprof(8) utility to create a base profile and restarted ArpON to make some tests etc. Next, to scan the log files I used the aa-logprof(8) program. It gives suggestions for modifying the profile and asks which execution mode should be used etc.

The profile is pretty short, but there is something that is confusing me. I would like to ask a question about some of the network rules suggested by aa-logprof(8). AppArmor supports simple coarse grained network mediation and the network rule can restrict all socket(2) based operations, right? So, here it is:

    network bluetooth raw,
    network inet dgram,
    network netlink raw,
    network packet dgram,
    network packet raw,

These are the rules suggested by the aa-logprof(8) program. But, looking at the ArpON profile and how it works, I wonder if the 'network bluetooth raw,' rule is needed. Does bluetooth have something to do with ArpON in general? Anyway, maybe it's normal and everything is OK?

One more thing: the log files contain something like this one. Is it normal, should I add a rule to the profile?

    apparmor="ALLOWED" operation="open" profile="/usr/sbin/arpon" name="/sys/bus/usb/devices/" pid=3131 comm="arpon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

If it's about log entries: in some cases 'requested_mask' and 'denied_mask' have "send", "create", "receive", "getopt", "setopt", "getattr" values etc. 'family' values are "netlink" (mostly), "inet", "packet" (mostly) and 'sock_type': "raw", "dgram" and so on. If it's about the 'operation' option, there are many different values: "create", "bind", "getsockname", "setsockopt", "sendmsg", "recvmsg", "file_mmap" etc.

I apologize for such a bad description, but - for now - I would like to know something about bluetooth and USB (see above). If necessary, I will paste some log entries with the above values.

Thanks, best regards.
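An added example, not part of the original message: a small Python parser that groups AppArmor audit entries for one profile by socket family and type, so each suggested `network` rule can be traced back to the log events behind it. The log lines are constructed (apart from the /sys/bus/usb/devices/ entry quoted in the message), and the `family=`/`sock_type=` fields are assumed to appear as the message describes them.

```python
import re
from collections import defaultdict

# Constructed sample audit lines (not the poster's real logs), except the
# last one, which is the /sys/bus/usb/devices/ entry quoted in the message.
SAMPLE_LOG = '''\
apparmor="ALLOWED" operation="create" profile="/usr/sbin/arpon" pid=3131 comm="arpon" family="packet" sock_type="raw" protocol=768 requested_mask="create" denied_mask="create"
apparmor="ALLOWED" operation="sendmsg" profile="/usr/sbin/arpon" pid=3131 comm="arpon" family="packet" sock_type="raw" protocol=768 requested_mask="send" denied_mask="send"
apparmor="ALLOWED" operation="create" profile="/usr/sbin/arpon" pid=3131 comm="arpon" family="packet" sock_type="dgram" protocol=768 requested_mask="create" denied_mask="create"
apparmor="ALLOWED" operation="bind" profile="/usr/sbin/arpon" pid=3131 comm="arpon" family="netlink" sock_type="raw" protocol=0 requested_mask="bind" denied_mask="bind"
apparmor="ALLOWED" operation="create" profile="/usr/sbin/arpon" pid=3131 comm="arpon" family="inet" sock_type="dgram" protocol=0 requested_mask="create" denied_mask="create"
apparmor="ALLOWED" operation="open" profile="/usr/sbin/arpon" name="/sys/bus/usb/devices/" pid=3131 comm="arpon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
'''

# Network rules listed in the message, as (family, sock_type) pairs.
SUGGESTED = [("bluetooth", "raw"), ("inet", "dgram"), ("netlink", "raw"),
             ("packet", "dgram"), ("packet", "raw")]

PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    """Turn one key=value audit line into a dict, unquoting quoted values."""
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in PAIR.findall(line)}

def summarize(log_text, profile="/usr/sbin/arpon"):
    """Group one profile's events into socket (family, type) pairs and file paths."""
    net, files = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("profile") != profile:
            continue
        if "family" in ev and "sock_type" in ev:
            net[(ev["family"], ev["sock_type"])].add(ev.get("operation", "?"))
        elif "name" in ev:
            files[ev["name"]].add(ev.get("requested_mask", "?"))
    return dict(net), dict(files)

def rules_without_events(suggested, net):
    """Suggested network rules that no event in this log excerpt backs up."""
    return [pair for pair in suggested if pair not in net]

if __name__ == "__main__":
    net, files = summarize(SAMPLE_LOG)
    for (family, sock_type), ops in sorted(net.items()):
        print(f"network {family} {sock_type},  # operations: {', '.join(sorted(ops))}")
    for path, masks in sorted(files.items()):
        print(f"{path} {''.join(sorted(masks))},  # file access seen in the log")
    for family, sock_type in rules_without_events(SUGGESTED, net):
        print(f"no event in this excerpt for: network {family} {sock_type},")
```

Run against the real log, a rule reported as having no event was not triggered during the logged run, which is the first thing to establish before deciding whether to keep it in the profile.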
