Gecko [ www.jdcpatala.org ]

Name	Size	Permission
aa-exec	22.16 KB	-rwxr-xr-x
aa-remove-unknown	2.86 KB	-rwxr-xr-x
aa-status	7.11 KB	-rwxr-xr-x
add-shell	695 B	-rwxr-xr-x
addgroup	36.4 KB	-rwxr-xr-x
adduser	36.4 KB	-rwxr-xr-x
apparmor_status	7.11 KB	-rwxr-xr-x
arp	54.09 KB	-rwxr-xr-x
arpd	46.74 KB	-rwxr-xr-x
chat	26.01 KB	-rwxr-xr-x
chgpasswd	53.33 KB	-rwxr-xr-x
chpasswd	49.43 KB	-rwxr-xr-x
chroot	38.8 KB	-rwxr-xr-x
cpgr	51.48 KB	-rwxr-xr-x
cppw	51.48 KB	-rwxr-xr-x
cron	43.43 KB	-rwxr-xr-x
delgroup	16.13 KB	-rwxr-xr-x
deluser	16.13 KB	-rwxr-xr-x
dnsmasq	379.6 KB	-rwxr-xr-x
dpkg-preconfigure	3.52 KB	-rwxr-xr-x
dpkg-reconfigure	4.23 KB	-rwxr-xr-x
e2freefrag	10.24 KB	-rwxr-xr-x
e4defrag	26.53 KB	-rwxr-xr-x
faillock	14.4 KB	-rwxr-xr-x
fanatic	35.21 KB	-rwxr-xr-x
fanctl	41.97 KB	-rwxr-xr-x
fdformat	22.57 KB	-rwxr-xr-x
filefrag	14.31 KB	-rwxr-xr-x
genl	46.69 KB	-rwxr-xr-x
groupadd	57.42 KB	-rwxr-xr-x
groupdel	65.83 KB	-rwxr-xr-x
groupmod	67.7 KB	-rwxr-xr-x
grpck	53.31 KB	-rwxr-xr-x
grpconv	49.19 KB	-rwxr-xr-x
grpunconv	49.2 KB	-rwxr-xr-x
iconvconfig	26.66 KB	-rwxr-xr-x
invoke-rc.d	19.41 KB	-rwxr-xr-x
ip6tables-apply	6.85 KB	-rwxr-xr-x
iptables-apply	6.85 KB	-rwxr-xr-x
ldattach	26.63 KB	-rwxr-xr-x
logrotate	63.11 KB	-rwxr-xr-x
mkinitramfs	10.24 KB	-rwxr-xr-x
mklost+found	10.25 KB	-rwxr-xr-x
netplan	17.94 KB	-rwxr-xr-x
newusers	73.84 KB	-rwxr-xr-x
nfnl_osf	14.37 KB	-rwxr-xr-x
nologin	5.95 KB	-rwxr-xr-x
pam-auth-update	19.09 KB	-rwxr-xr-x
pam_getenv	2.82 KB	-rwxr-xr-x
pam_timestamp_check	10.38 KB	-rwxr-xr-x
pppd	385.73 KB	-rwsr-xr--
pppdump	18.1 KB	-rwxr-xr-x
pppoe-discovery	18 KB	-rwxr-xr-x
pppstats	13.99 KB	-rwxr-xr-x
pwck	45.36 KB	-rwxr-xr-x
pwconv	41.27 KB	-rwxr-xr-x
pwunconv	36.43 KB	-rwxr-xr-x
readprofile	14.52 KB	-rwxr-xr-x
remove-shell	749 B	-rwxr-xr-x
rfkill	10.29 KB	-rwxr-xr-x
rmt	54.95 KB	-rwxr-xr-x
rmt-tar	54.95 KB	-rwxr-xr-x
rsyslogd	585.28 KB	-rwxr-xr-x
rtcwake	38.8 KB	-rwxr-xr-x
service	9.82 KB	-rwxr-xr-x
setvesablank	10.27 KB	-rwxr-xr-x
sshd	772.48 KB	-rwxr-xr-x
tarcat	936 B	-rwxr-xr-x
tunelp	22.53 KB	-rwxr-xr-x
tzconfig	106 B	-rwxr-xr-x
update-alternatives	46.61 KB	-rwxr-xr-x
update-ca-certificates	5.25 KB	-rwxr-xr-x
update-initramfs	8.38 KB	-rwxr-xr-x
update-mime	8.84 KB	-rwxr-xr-x
update-passwd	30.41 KB	-rwxr-xr-x
update-rc.d	14.1 KB	-rwxr-xr-x
useradd	118.72 KB	-rwxr-xr-x
userdel	81.92 KB	-rwxr-xr-x
usermod	118.5 KB	-rwxr-xr-x
vcstime	6.26 KB	-rwxr-xr-x
vigr	55.7 KB	-rwxr-xr-x
vipw	55.7 KB	-rwxr-xr-x
visudo	187.89 KB	-rwxr-xr-x
zic	50.54 KB	-rwxr-xr-x

Code Editor : aa-status

#!/usr/bin/python3
# ------------------------------------------------------------------
#
#    Copyright (C) 2005-2006 Novell/SUSE
#    Copyright (C) 2011 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

import re, os, sys, errno

# PLEASE NOTE: we try to keep aa-status as minimal as possible, for
# environments where installing all of the python utils and python
# apparmor module may not make sense. Please think carefully before
# importing anything from apparmor; see how the apparmor.fail import is
# handled below.

# setup exception handling
try:
    from apparmor.fail import enable_aa_exception_handler
    enable_aa_exception_handler()
except ImportError:
    # just let normal python exceptions happen (LP: #1480492)
    pass

def cmd_enabled():
    '''Returns error code if AppArmor is not enabled'''
    if get_profiles() == {}:
        sys.exit(2)

def cmd_profiled():
    '''Prints the number of loaded profiles'''
    profiles = get_profiles()
    sys.stdout.write("%d\n" % len(profiles))
    if profiles == {}:
        sys.exit(2)

def cmd_enforced():
    '''Prints the number of loaded enforcing profiles'''
    profiles = get_profiles()
    sys.stdout.write("%d\n" % len(filter_profiles(profiles, 'enforce')))
    if profiles == {}:
        sys.exit(2)

def cmd_complaining():
    '''Prints the number of loaded non-enforcing profiles'''
    profiles = get_profiles()
    sys.stdout.write("%d\n" % len(filter_profiles(profiles, 'complain')))
    if profiles == {}:
        sys.exit(2)

def cmd_verbose():
    '''Displays multiple data points about loaded profile set'''
    global verbose
    verbose = True
    profiles = get_profiles()
    processes = get_processes(profiles)

stdmsg("%d profiles are loaded." % len(profiles))
    for status in ('enforce', 'complain'):
        filtered_profiles = filter_profiles(profiles, status)
        stdmsg("%d profiles are in %s mode." % (len(filtered_profiles), status))
        for item in filtered_profiles:
                stdmsg("   %s" % item)

stdmsg("%d processes have profiles defined." % len(processes))
    for status in ('enforce', 'complain', 'unconfined'):
        filtered_processes = filter_processes(processes, status)
        if status == 'unconfined':
            stdmsg("%d processes are unconfined but have a profile defined." % len(filtered_processes))
        else:
            stdmsg("%d processes are in %s mode." % (len(filtered_processes), status))
        # Sort by name, and then by pid
        filtered_processes.sort(key=lambda x: int(x[0]))
        filtered_processes.sort(key=lambda x: x[1])
        for (pid, process) in filtered_processes:
            stdmsg("   %s (%s) " % (process, pid))

if profiles == {}:
        sys.exit(2)

def get_profiles():
    '''Fetch loaded profiles'''

profiles = {}

if os.path.exists("/sys/module/apparmor"):
        stdmsg("apparmor module is loaded.")
    else:
        errormsg("apparmor module is not loaded.")
        sys.exit(1)

apparmorfs = find_apparmorfs()
    if not apparmorfs:
        errormsg("apparmor filesystem is not mounted.")
        sys.exit(3)

apparmor_profiles = os.path.join(apparmorfs, "profiles")
    try:
        f = open(apparmor_profiles)
    except IOError as e:
        if e.errno == errno.EACCES:
            errormsg("You do not have enough privilege to read the profile set.")
        else:
            errormsg("Could not open %s: %s" % (apparmor_profiles, os.strerror(e.errno)))
        sys.exit(4)

for p in f.readlines():
        match = re.search("^([^$]+)\s+\((\w+)$$", p)
        profiles[match.group(1)] = match.group(2)

f.close()

return profiles

def get_processes(profiles):
    '''Fetch process list'''
    processes = {}
    contents = os.listdir("/proc")
    for filename in contents:
        if filename.isdigit():
            try:
                for p in open("/proc/%s/attr/current" % filename).readlines():
                    match = re.search("^([^$]+)\s+\((\w+)$$", p)
                    if match:
                        processes[filename] = { 'profile' : match.group(1), \
                                                'mode' : match.group(2) }
                    elif os.path.realpath("/proc/%s/exe" % filename) in profiles:
                        # keep only unconfined processes that have a profile defined
                        processes[filename] = { 'profile' : os.path.realpath("/proc/%s/exe" % filename), \
                                                'mode' : 'unconfined' }
            except:
                pass
    return processes

def filter_profiles(profiles, status):
    '''Return a list of profiles that have a particular status'''
    filtered = []
    for key, value in list(profiles.items()):
        if value == status:
            filtered.append(key)
    filtered.sort()
    return filtered

def filter_processes(processes, status):
    '''Return a list of processes that have a particular status'''
    filtered = []
    for key, value in list(processes.items()):
        if value['mode'] == status:
            filtered.append([key, value['profile']])
    return filtered

def find_apparmorfs():
    '''Finds AppArmor mount point'''
    for p in open("/proc/mounts","rb").readlines():
        if p.split()[2].decode() == "securityfs" and \
           os.path.exists(os.path.join(p.split()[1].decode(), "apparmor")):
            return os.path.join(p.split()[1].decode(), "apparmor")
    return False

def errormsg(message):
    '''Prints to stderr if verbose mode is on'''
    global verbose
    if verbose:
        sys.stderr.write(message + "\n")

def stdmsg(message):
    '''Prints to stdout if verbose mode is on'''
    global verbose
    if verbose:
        sys.stdout.write(message + "\n")

def print_usage():
    '''Print usage information'''
    sys.stdout.write('''Usage: %s [OPTIONS]
Displays various information about the currently loaded AppArmor policy.
OPTIONS (one only):
  --enabled       returns error code if AppArmor not enabled
  --profiled      prints the number of loaded policies
  --enforced      prints the number of loaded enforcing policies
  --complaining   prints the number of loaded non-enforcing policies
  --verbose       (default) displays multiple data points about loaded policy set
  --help          this message
''' % sys.argv[0])

# Main
global verbose
verbose = False

if len(sys.argv) > 2:
    sys.stderr.write("Error: Too many options.\n")
    print_usage()
    sys.exit(1)
elif len(sys.argv) == 2:
    cmd = sys.argv.pop(1)
else:
    cmd = '--verbose'

# Command dispatch:
commands = {
    '--enabled'      : cmd_enabled,
    '--profiled'     : cmd_profiled,
    '--enforced'     : cmd_enforced,
    '--complaining'  : cmd_complaining,
    '--verbose'      : cmd_verbose,
    '-v'             : cmd_verbose,
    '--help'         : print_usage,
    '-h'             : print_usage
}

if cmd in commands:
    commands[cmd]()
    sys.exit(0)
else:
    sys.stderr.write("Error: Invalid command.\n")
    print_usage()
    sys.exit(1)

${this.title}

Code Editor : aa-status