OXIESEC PANEL
- Current Dir:
/
/
snap
/
core
/
17200
/
usr
/
share
/
apparmor
/
easyprof
/
policygroups
/
ubuntu-core
/
16.04
Server IP: 139.59.38.164
Upload:
Create Dir:
Name
Size
Modified
Perms
📁
..
-
02/18/2024 07:58:20 PM
rwxr-xr-x
📄
container-management
2.17 KB
12/16/2015 10:40:55 PM
rw-r--r--
📄
desktop
380 bytes
01/11/2016 07:58:56 PM
rw-r--r--
📄
display-server
1.65 KB
01/19/2016 06:25:11 PM
rw-r--r--
📄
firewall-management
1.7 KB
11/14/2015 11:48:00 PM
rw-r--r--
📄
locale-management
188 bytes
12/16/2015 09:47:27 PM
rw-r--r--
📄
mir-client
1.39 KB
01/19/2016 07:31:36 PM
rw-r--r--
📄
network-admin
2.26 KB
10/05/2015 02:03:36 PM
rw-r--r--
📄
network-client
172 bytes
12/16/2015 08:54:27 PM
rw-r--r--
📄
network-firewall
1.7 KB
11/14/2015 11:48:00 PM
rw-r--r--
📄
network-listener
1.4 KB
01/14/2016 11:24:32 PM
rw-r--r--
📄
network-management
2.26 KB
10/05/2015 02:03:36 PM
rw-r--r--
📄
network-monitor
1.59 KB
12/15/2015 01:50:15 PM
rw-r--r--
📄
network-service
1.4 KB
01/14/2016 11:24:32 PM
rw-r--r--
📄
network-status
1.59 KB
12/15/2015 01:50:15 PM
rw-r--r--
📄
physical-memory-access
111 bytes
12/15/2015 02:00:23 PM
rw-r--r--
📄
read-system-logs
227 bytes
12/16/2015 10:01:29 PM
rw-r--r--
📄
snap-management
84 bytes
12/15/2015 01:52:34 PM
rw-r--r--
📄
snapd
84 bytes
12/15/2015 01:52:34 PM
rw-r--r--
📄
system-monitor
745 bytes
01/15/2016 02:41:32 PM
rw-r--r--
📄
timeserver-management
251 bytes
12/16/2015 09:22:54 PM
rw-r--r--
📄
timezone-management
188 bytes
12/16/2015 09:42:49 PM
rw-r--r--
📄
unix-listener
80 bytes
12/16/2015 08:54:57 PM
rw-r--r--
📄
update-schedule-management
100 bytes
12/16/2015 10:02:37 PM
rw-r--r--
Editing: network-service
Close
# Description: Can access the network as a server. # Usage: common #include <abstractions/nameservice> #include <abstractions/ssl_certs> # These probably shouldn't be something that apps should use, but this offers # no information disclosure since the files are in the read-only part of the # system. /etc/hosts.deny r, /etc/hosts.allow r, @{PROC}/sys/net/core/somaxconn r, @{PROC}/sys/net/ipv4/ip_local_port_range r, # LP: #1496906: java apps need these for some reason and they leak the IPv6 IP # addresses and routes. Until we find another way to handle them (see the bug # for some options), we need to allow them to avoid developer confusion. @{PROC}/@{pid}/net/if_inet6 r, @{PROC}/@{pid}/net/ipv6_route r, # java apps request this but seem to work fine without it. Netlink sockets # are used to talk to kernel subsystems though and since apps run as root, # allowing blanket access needs to be carefully considered. Kernel capabilities # checks (which apparmor mediates) *should* be enough to keep abuse down, # however Linux capabilities can be quite broad and there have been CVEs in # this area. The issue is complicated because reservied policy groups like # 'network-admin' and 'network-firewall' have legitimate use for this rule, # however a network facing server shouldn't typically be running with these # policy groups. For now, explicitly deny to silence the denial. LP: #1499897 deny network netlink dgram,