OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	10/02/2024 07:52:54 PM	rwxr-xr-x
📄 aa-exec	22.16 KB	06/29/2023 11:30:47 AM	rwxr-xr-x
📄 aa-remove-unknown	2.86 KB	06/29/2023 11:30:39 AM	rwxr-xr-x
📄 aa-status	7.11 KB	06/29/2023 11:30:39 AM	rwxr-xr-x
📄 add-shell	695 bytes	01/26/2016 06:17:55 PM	rwxr-xr-x
📄 addgroup	36.4 KB	07/02/2015 08:11:22 PM	rwxr-xr-x
📄 adduser	36.4 KB	07/02/2015 08:11:22 PM	rwxr-xr-x
📄 apparmor_status	7.11 KB	06/29/2023 11:30:39 AM	rwxr-xr-x
📄 arp	54.09 KB	06/30/2014 01:19:24 PM	rwxr-xr-x
📄 arpd	46.74 KB	04/16/2019 12:37:11 PM	rwxr-xr-x
📄 chat	26.01 KB	07/23/2020 03:09:52 PM	rwxr-xr-x
📄 chgpasswd	53.33 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 chpasswd	49.43 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 chroot	38.8 KB	03/02/2017 06:07:22 PM	rwxr-xr-x
📄 cpgr	51.48 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 cppw	51.48 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 cron	43.43 KB	05/10/2022 10:15:25 PM	rwxr-xr-x
📄 delgroup	16.13 KB	07/02/2015 08:11:22 PM	rwxr-xr-x
📄 deluser	16.13 KB	07/02/2015 08:11:22 PM	rwxr-xr-x
📄 dnsmasq	452.91 KB	04/23/2024 07:46:09 PM	rwxr-xr-x
📄 dpkg-divert	0 bytes	01/01/1970 12:00:00 AM	---------
📄 dpkg-preconfigure	3.52 KB	05/08/2019 06:33:33 PM	rwxr-xr-x
📄 dpkg-reconfigure	4.23 KB	05/08/2019 06:33:33 PM	rwxr-xr-x
📄 dpkg-statoverride	0 bytes	01/01/1970 12:00:00 AM	---------
📄 e2freefrag	10.24 KB	06/03/2022 08:47:31 PM	rwxr-xr-x
📄 e4defrag	26.53 KB	06/03/2022 08:47:31 PM	rwxr-xr-x
📄 faillock	14.4 KB	03/19/2024 04:18:59 PM	rwxr-xr-x
📄 fanatic	35.21 KB	12/12/2017 04:13:01 PM	rwxr-xr-x
📄 fanctl	41.97 KB	04/23/2019 10:35:14 AM	rwxr-xr-x
📄 fdformat	22.57 KB	06/14/2022 09:28:54 PM	rwxr-xr-x
📄 filefrag	14.31 KB	06/03/2022 08:47:31 PM	rwxr-xr-x
📄 genl	46.69 KB	04/16/2019 12:37:11 PM	rwxr-xr-x
📄 groupadd	57.42 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 groupdel	65.83 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 groupmod	67.7 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 grpck	53.31 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 grpconv	49.19 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 grpunconv	49.2 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 iconvconfig	26.66 KB	05/08/2024 03:49:57 PM	rwxr-xr-x
📄 invoke-rc.d	19.41 KB	11/29/2016 05:28:22 PM	rwxr-xr-x
📄 ip6tables-apply	6.85 KB	02/19/2016 03:20:21 PM	rwxr-xr-x
📄 iptables-apply	6.85 KB	02/19/2016 03:20:21 PM	rwxr-xr-x
📄 ldattach	26.63 KB	06/14/2022 09:28:54 PM	rwxr-xr-x
📄 logrotate	63.11 KB	08/10/2017 03:16:07 PM	rwxr-xr-x
📄 mkinitramfs	10.24 KB	10/07/2019 10:53:35 AM	rwxr-xr-x
📄 mklost+found	10.25 KB	06/03/2022 08:47:31 PM	rwxr-xr-x
📄 netplan	17.94 KB	09/27/2019 04:27:57 PM	rwxr-xr-x
📄 newusers	73.84 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 nfnl_osf	14.37 KB	02/19/2016 03:21:11 PM	rwxr-xr-x
📄 nologin	5.95 KB	02/07/2024 10:59:50 AM	rwxr-xr-x
📄 pam-auth-update	19.09 KB	03/19/2024 04:16:59 PM	rwxr-xr-x
📄 pam_getenv	2.82 KB	03/19/2024 04:16:59 PM	rwxr-xr-x
📄 pam_timestamp_check	10.38 KB	03/19/2024 04:18:59 PM	rwxr-xr-x
📄 pppd	385.73 KB	07/23/2020 03:09:52 PM	rwxr-xr--
📄 pppdump	18.1 KB	07/23/2020 03:09:52 PM	rwxr-xr-x
📄 pppoe-discovery	18 KB	07/23/2020 03:09:52 PM	rwxr-xr-x
📄 pppstats	13.99 KB	07/23/2020 03:09:51 PM	rwxr-xr-x
📄 pwck	45.36 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 pwconv	41.27 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 pwunconv	36.43 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 readprofile	14.52 KB	06/14/2022 09:28:54 PM	rwxr-xr-x
📄 remove-shell	749 bytes	01/26/2016 06:17:55 PM	rwxr-xr-x
📄 rfkill	10.29 KB	06/20/2018 11:54:19 AM	rwxr-xr-x
📄 rmt	54.95 KB	12/06/2023 12:12:24 PM	rwxr-xr-x
📄 rmt-tar	54.95 KB	12/06/2023 12:12:24 PM	rwxr-xr-x
📄 rsyslogd	585.28 KB	05/23/2022 05:31:02 PM	rwxr-xr-x
📄 rtcwake	38.8 KB	06/14/2022 09:28:54 PM	rwxr-xr-x
📄 service	9.82 KB	09/12/2016 08:57:57 AM	rwxr-xr-x
📄 setvesablank	10.27 KB	09/22/2016 05:33:23 PM	rwxr-xr-x
📄 sshd	772.48 KB	09/04/2024 01:11:37 PM	rwxr-xr-x
📄 tarcat	936 bytes	12/06/2023 12:12:23 PM	rwxr-xr-x
📄 tunelp	22.53 KB	06/14/2022 09:28:54 PM	rwxr-xr-x
📄 tzconfig	106 bytes	07/29/2024 09:35:38 PM	rwxr-xr-x
📄 update-alternatives	46.61 KB	05/27/2022 10:37:03 AM	rwxr-xr-x
📄 update-ca-certificates	5.25 KB	09/25/2024 07:45:49 PM	rwxr-xr-x
📄 update-initramfs	8.38 KB	10/07/2019 10:53:35 AM	rwxr-xr-x
📄 update-mime	8.84 KB	10/30/2015 03:39:30 PM	rwxr-xr-x
📄 update-passwd	30.41 KB	01/02/2016 11:13:25 PM	rwxr-xr-x
📄 update-rc.d	14.1 KB	02/29/2016 12:24:38 PM	rwxr-xr-x
📄 useradd	118.72 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 userdel	81.92 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 usermod	118.5 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 vcstime	6.26 KB	09/22/2016 05:33:23 PM	rwxr-xr-x
📄 vigr	55.7 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 vipw	55.7 KB	02/07/2024 10:59:49 AM	rwxr-xr-x
📄 visudo	187.89 KB	05/24/2023 01:48:57 PM	rwxr-xr-x
📄 zic	50.54 KB	05/08/2024 03:49:57 PM	rwxr-xr-x

Editing: aa-status

#!/usr/bin/python3
# ------------------------------------------------------------------
#
#    Copyright (C) 2005-2006 Novell/SUSE
#    Copyright (C) 2011 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

import re, os, sys, errno

# PLEASE NOTE: we try to keep aa-status as minimal as possible, for
# environments where installing all of the python utils and python
# apparmor module may not make sense. Please think carefully before
# importing anything from apparmor; see how the apparmor.fail import is
# handled below.

# setup exception handling
try:
    from apparmor.fail import enable_aa_exception_handler
    enable_aa_exception_handler()
except ImportError:
    # just let normal python exceptions happen (LP: #1480492)
    pass

def cmd_enabled():
    '''Returns error code if AppArmor is not enabled'''
    if get_profiles() == {}:
        sys.exit(2)

def cmd_profiled():
    '''Prints the number of loaded profiles'''
    profiles = get_profiles()
    sys.stdout.write("%d\n" % len(profiles))
    if profiles == {}:
        sys.exit(2)

def cmd_enforced():
    '''Prints the number of loaded enforcing profiles'''
    profiles = get_profiles()
    sys.stdout.write("%d\n" % len(filter_profiles(profiles, 'enforce')))
    if profiles == {}:
        sys.exit(2)

def cmd_complaining():
    '''Prints the number of loaded non-enforcing profiles'''
    profiles = get_profiles()
    sys.stdout.write("%d\n" % len(filter_profiles(profiles, 'complain')))
    if profiles == {}:
        sys.exit(2)

def cmd_verbose():
    '''Displays multiple data points about loaded profile set'''
    global verbose
    verbose = True
    profiles = get_profiles()
    processes = get_processes(profiles)

stdmsg("%d profiles are loaded." % len(profiles))
    for status in ('enforce', 'complain'):
        filtered_profiles = filter_profiles(profiles, status)
        stdmsg("%d profiles are in %s mode." % (len(filtered_profiles), status))
        for item in filtered_profiles:
                stdmsg("   %s" % item)

stdmsg("%d processes have profiles defined." % len(processes))
    for status in ('enforce', 'complain', 'unconfined'):
        filtered_processes = filter_processes(processes, status)
        if status == 'unconfined':
            stdmsg("%d processes are unconfined but have a profile defined." % len(filtered_processes))
        else:
            stdmsg("%d processes are in %s mode." % (len(filtered_processes), status))
        # Sort by name, and then by pid
        filtered_processes.sort(key=lambda x: int(x[0]))
        filtered_processes.sort(key=lambda x: x[1])
        for (pid, process) in filtered_processes:
            stdmsg("   %s (%s) " % (process, pid))

if profiles == {}:
        sys.exit(2)

def get_profiles():
    '''Fetch loaded profiles'''

profiles = {}

if os.path.exists("/sys/module/apparmor"):
        stdmsg("apparmor module is loaded.")
    else:
        errormsg("apparmor module is not loaded.")
        sys.exit(1)

apparmorfs = find_apparmorfs()
    if not apparmorfs:
        errormsg("apparmor filesystem is not mounted.")
        sys.exit(3)

apparmor_profiles = os.path.join(apparmorfs, "profiles")
    try:
        f = open(apparmor_profiles)
    except IOError as e:
        if e.errno == errno.EACCES:
            errormsg("You do not have enough privilege to read the profile set.")
        else:
            errormsg("Could not open %s: %s" % (apparmor_profiles, os.strerror(e.errno)))
        sys.exit(4)

for p in f.readlines():
        match = re.search("^([^$]+)\s+\((\w+)$$", p)
        profiles[match.group(1)] = match.group(2)

f.close()

return profiles

def get_processes(profiles):
    '''Fetch process list'''
    processes = {}
    contents = os.listdir("/proc")
    for filename in contents:
        if filename.isdigit():
            try:
                for p in open("/proc/%s/attr/current" % filename).readlines():
                    match = re.search("^([^$]+)\s+\((\w+)$$", p)
                    if match:
                        processes[filename] = { 'profile' : match.group(1), \
                                                'mode' : match.group(2) }
                    elif os.path.realpath("/proc/%s/exe" % filename) in profiles:
                        # keep only unconfined processes that have a profile defined
                        processes[filename] = { 'profile' : os.path.realpath("/proc/%s/exe" % filename), \
                                                'mode' : 'unconfined' }
            except:
                pass
    return processes

def filter_profiles(profiles, status):
    '''Return a list of profiles that have a particular status'''
    filtered = []
    for key, value in list(profiles.items()):
        if value == status:
            filtered.append(key)
    filtered.sort()
    return filtered

def filter_processes(processes, status):
    '''Return a list of processes that have a particular status'''
    filtered = []
    for key, value in list(processes.items()):
        if value['mode'] == status:
            filtered.append([key, value['profile']])
    return filtered

def find_apparmorfs():
    '''Finds AppArmor mount point'''
    for p in open("/proc/mounts","rb").readlines():
        if p.split()[2].decode() == "securityfs" and \
           os.path.exists(os.path.join(p.split()[1].decode(), "apparmor")):
            return os.path.join(p.split()[1].decode(), "apparmor")
    return False

def errormsg(message):
    '''Prints to stderr if verbose mode is on'''
    global verbose
    if verbose:
        sys.stderr.write(message + "\n")

def stdmsg(message):
    '''Prints to stdout if verbose mode is on'''
    global verbose
    if verbose:
        sys.stdout.write(message + "\n")

def print_usage():
    '''Print usage information'''
    sys.stdout.write('''Usage: %s [OPTIONS]
Displays various information about the currently loaded AppArmor policy.
OPTIONS (one only):
  --enabled       returns error code if AppArmor not enabled
  --profiled      prints the number of loaded policies
  --enforced      prints the number of loaded enforcing policies
  --complaining   prints the number of loaded non-enforcing policies
  --verbose       (default) displays multiple data points about loaded policy set
  --help          this message
''' % sys.argv[0])

# Main
global verbose
verbose = False

if len(sys.argv) > 2:
    sys.stderr.write("Error: Too many options.\n")
    print_usage()
    sys.exit(1)
elif len(sys.argv) == 2:
    cmd = sys.argv.pop(1)
else:
    cmd = '--verbose'

# Command dispatch:
commands = {
    '--enabled'      : cmd_enabled,
    '--profiled'     : cmd_profiled,
    '--enforced'     : cmd_enforced,
    '--complaining'  : cmd_complaining,
    '--verbose'      : cmd_verbose,
    '-v'             : cmd_verbose,
    '--help'         : print_usage,
    '-h'             : print_usage
}

if cmd in commands:
    commands[cmd]()
    sys.exit(0)
else:
    sys.stderr.write("Error: Invalid command.\n")
    print_usage()
    sys.exit(1)