OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	10/21/2019 03:48:12 PM	rwxr-xr-x
📄 a2disconf	15.89 KB	02/23/2021 04:35:16 PM	rwxr-xr-x
📄 a2dismod	15.89 KB	02/23/2021 04:35:16 PM	rwxr-xr-x
📄 a2dissite	15.89 KB	02/23/2021 04:35:16 PM	rwxr-xr-x
📄 a2enconf	15.89 KB	02/23/2021 04:35:16 PM	rwxr-xr-x
📄 a2enmod	15.89 KB	02/23/2021 04:35:16 PM	rwxr-xr-x
📄 a2ensite	15.89 KB	02/23/2021 04:35:16 PM	rwxr-xr-x
📄 a2query	9.64 KB	03/08/2023 05:34:33 PM	rwxr-xr-x
📄 aa-remove-unknown	2.85 KB	06/20/2023 11:51:13 PM	rwxr-xr-x
📄 aa-status	8.41 KB	06/20/2023 11:51:13 PM	rwxr-xr-x
📄 accessdb	10.23 KB	08/04/2018 07:16:12 PM	rwxr-xr-x
📄 acpid	50.84 KB	04/28/2017 04:28:10 AM	rwxr-xr-x
📄 add-shell	860 bytes	12/30/2017 06:15:02 PM	rwxr-xr-x
📄 addgnupghome	3.01 KB	07/04/2022 04:20:59 PM	rwxr-xr-x
📄 addgroup	36.45 KB	12/05/2017 04:57:20 PM	rwxr-xr-x
📄 adduser	36.45 KB	12/05/2017 04:57:20 PM	rwxr-xr-x
📄 apache2	659.69 KB	03/08/2023 05:34:33 PM	rwxr-xr-x
📄 apache2ctl	7.06 KB	03/04/2022 10:48:50 AM	rwxr-xr-x
📄 apachectl	7.06 KB	03/04/2022 10:48:50 AM	rwxr-xr-x
📄 apparmor_status	8.41 KB	06/20/2023 11:51:13 PM	rwxr-xr-x
📄 applygnupgdefaults	2.17 KB	07/04/2022 04:20:59 PM	rwxr-xr-x
📄 arp	61.3 KB	01/10/2017 04:25:08 AM	rwxr-xr-x
📄 arpd	54.03 KB	01/26/2021 01:33:08 PM	rwxr-xr-x
📄 atd	26.01 KB	02/20/2018 06:59:43 AM	rwxr-xr-x
📄 bcache-super-show	13.99 KB	08/05/2020 08:44:05 PM	rwxr-xr-x
📄 biosdecode	18.87 KB	01/27/2020 06:09:10 PM	rwxr-xr-x
📄 check_forensic	952 bytes	04/26/2011 03:10:00 PM	rwxr-xr-x
📄 chgpasswd	57.83 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 chmem	42.08 KB	09/16/2020 06:43:15 PM	rwxr-xr-x
📄 chpasswd	53.86 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 chroot	38.18 KB	01/18/2018 09:43:49 AM	rwxr-xr-x
📄 cpgr	55.96 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 cppw	55.96 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 cron	46.3 KB	05/10/2022 08:59:19 PM	rwxr-xr-x
📄 cryptdisks_start	1.11 KB	08/03/2020 09:28:48 PM	rwxr-xr-x
📄 cryptdisks_stop	1.16 KB	08/03/2020 09:28:48 PM	rwxr-xr-x
📄 delgroup	16.11 KB	12/05/2017 04:57:20 PM	rwxr-xr-x
📄 deluser	16.11 KB	12/05/2017 04:57:20 PM	rwxr-xr-x
📄 dmidecode	106.54 KB	01/27/2020 06:09:10 PM	rwxr-xr-x
📄 dnsmasq	379.6 KB	04/18/2023 08:21:55 AM	rwxr-xr-x
📄 dpkg-preconfigure	3.58 KB	05/06/2019 04:30:30 PM	rwxr-xr-x
📄 dpkg-reconfigure	4.34 KB	05/06/2019 04:30:30 PM	rwxr-xr-x
📄 e2freefrag	14.07 KB	06/02/2022 02:37:00 PM	rwxr-xr-x
📄 e4crypt	22.07 KB	06/02/2022 02:37:00 PM	rwxr-xr-x
📄 e4defrag	25.99 KB	06/02/2022 02:37:00 PM	rwxr-xr-x
📄 escapesrc	22.16 KB	10/19/2021 07:44:28 PM	rwxr-xr-x
📄 faillock	13.99 KB	02/02/2023 09:24:07 AM	rwxr-xr-x
📄 fdformat	30.08 KB	09/16/2020 06:43:15 PM	rwxr-xr-x
📄 filefrag	14.02 KB	06/02/2022 02:37:00 PM	rwxr-xr-x
📄 genccode	10.36 KB	10/19/2021 07:44:28 PM	rwxr-xr-x
📄 gencmn	10.44 KB	10/19/2021 07:44:28 PM	rwxr-xr-x
📄 genl	58.05 KB	01/26/2021 01:33:08 PM	rwxr-xr-x
📄 gennorm2	54.59 KB	10/19/2021 07:44:28 PM	rwxr-xr-x
📄 gensprep	18.5 KB	10/19/2021 07:44:28 PM	rwxr-xr-x
📄 groupadd	61.92 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 groupdel	70.37 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 groupmems	57.87 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 groupmod	68.18 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 grpck	53.8 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 grpconv	49.68 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 grpunconv	49.68 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 grub-install	1003.51 KB	02/01/2023 05:49:01 PM	rwxr-xr-x
📄 grub-macbless	780.84 KB	02/01/2023 05:49:01 PM	rwxr-xr-x
📄 grub-mkconfig	8.03 KB	02/01/2023 05:49:01 PM	rwxr-xr-x
📄 grub-mkdevicemap	207.62 KB	02/01/2023 05:49:01 PM	rwxr-xr-x
📄 grub-probe	793.09 KB	02/01/2023 05:49:01 PM	rwxr-xr-x
📄 grub-reboot	4.73 KB	02/01/2023 05:49:01 PM	rwxr-xr-x
📄 grub-set-default	832 bytes	03/24/2018 12:56:45 AM	rwxr-xr-x
📄 grub-set-default-legacy-ec2	3.13 KB	03/24/2018 12:56:45 AM	rwxr-xr-x
📄 grub-set-default.real	3.47 KB	02/01/2023 05:49:01 PM	rwxr-xr-x
📄 httxt2dbm	9.99 KB	03/08/2023 05:34:33 PM	rwxr-xr-x
📄 iconvconfig	30.25 KB	05/03/2022 10:19:39 AM	rwxr-xr-x
📄 icupkg	18.77 KB	10/19/2021 07:44:28 PM	rwxr-xr-x
📄 init.lxc	38.5 KB	05/05/2023 12:06:12 PM	rwxr-xr-x
📄 init.lxc.static	1005.91 KB	05/05/2023 12:06:12 PM	rwxr-xr-x
📄 invoke-rc.d	15.66 KB	10/25/2017 03:38:42 PM	rwxr-xr-x
📄 ip6tables-apply	6.85 KB	05/09/2023 06:42:18 PM	rwxr-xr-x
📄 iptables-apply	6.85 KB	05/09/2023 06:42:18 PM	rwxr-xr-x
📄 irqbalance	62.68 KB	01/09/2019 10:38:44 AM	rwxr-xr-x
📄 irqbalance-ui	34.06 KB	01/09/2019 10:38:44 AM	rwxr-xr-x
📄 iscsi-iname	9.99 KB	04/06/2022 07:19:56 PM	rwxr-xr-x
📄 iscsi_discovery	5.16 KB	09/29/2016 06:33:24 PM	rwxr-xr-x
📄 iscsid	398.15 KB	04/06/2022 07:19:56 PM	rwxr-xr-x
📄 iscsistart	358.13 KB	04/06/2022 07:19:56 PM	rwxr-xr-x
📄 ldattach	30.08 KB	09/16/2020 06:43:15 PM	rwxr-xr-x
📄 locale-gen	4.3 KB	12/07/2020 04:38:09 PM	rwxr-xr-x
📄 logrotate	74.09 KB	08/21/2017 11:01:27 PM	rwxr-xr-x
📄 luksformat	3.32 KB	08/03/2020 09:28:48 PM	rwxr-xr-x
📄 maidag	69.88 KB	11/07/2017 09:06:00 PM	rwxr-xr-x
📄 make-bcache	18.07 KB	08/05/2020 08:44:05 PM	rwxr-xr-x
📄 make-ssl-cert	3.78 KB	04/28/2017 07:58:22 PM	rwxr-xr-x
📄 mkinitramfs	10.89 KB	07/01/2021 01:11:48 PM	rwxr-xr-x
📄 mklost+found	9.99 KB	06/02/2022 02:37:00 PM	rwxr-xr-x
📄 mysqld	23.16 MB	04/23/2023 02:08:47 PM	rwxr-xr-x
📄 netplan	798 bytes	09/07/2021 03:19:37 PM	rwxr-xr-x
📄 newusers	82.39 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 nfnl_osf	13.99 KB	05/09/2023 06:42:18 PM	rwxr-xr-x
📄 nologin	5.99 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 overlayroot-chroot	2.45 KB	09/20/2018 01:29:41 PM	rwxr-xr-x
📄 ownership	10.13 KB	01/27/2020 06:09:10 PM	rwxr-xr-x
📄 pam-auth-update	19.38 KB	07/21/2020 11:40:59 PM	rwxr-xr-x
📄 pam_getenv	2.82 KB	08/23/2018 11:37:53 PM	rwxr-xr-x
📄 pam_timestamp_check	9.99 KB	02/02/2023 09:24:07 AM	rwxr-xr-x
📄 paperconfig	4.07 KB	04/28/2017 05:17:56 AM	rwxr-xr-x
📄 php-fpm7.2	4.65 MB	02/23/2023 01:29:25 PM	rwxr-xr-x
📄 phpdismod	7.11 KB	01/17/2018 11:50:00 PM	rwxr-xr-x
📄 phpenmod	7.11 KB	01/17/2018 11:50:00 PM	rwxr-xr-x
📄 phpquery	6.24 KB	01/17/2018 11:50:00 PM	rwxr-xr-x
📄 popcon-largest-unused	543 bytes	02/22/2018 05:15:22 AM	rwxr-xr-x
📄 popularity-contest	4.92 KB	02/22/2018 05:15:22 AM	rwxr-xr-x
📄 postalias	17.99 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 postcat	18.06 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 postconf	179.47 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 postdrop	14.12 KB	08/12/2021 12:43:19 PM	r-xr-xr-x
📄 postfix	14.07 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 postfix-add-filter	4.9 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 postfix-add-policy	3.83 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 postkick	9.99 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 postlock	9.99 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 postlog	10.15 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 postmap	17.99 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 postmulti	26.38 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 postqueue	22.07 KB	08/12/2021 12:43:19 PM	r-xr-xr-x
📄 postsuper	22.32 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 posttls-finger	34.09 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 pwck	49.8 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 pwconv	45.7 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 pwunconv	45.68 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 qmqp-sink	13.99 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 qmqp-source	18.01 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 qshape	12.55 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 readprofile	18.11 KB	09/16/2020 06:43:15 PM	rwxr-xr-x
📄 remove-shell	904 bytes	12/30/2017 06:15:02 PM	rwxr-xr-x
📄 rmail	13.99 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 rmt	58.39 KB	02/15/2023 02:55:10 PM	rwxr-xr-x
📄 rmt-tar	58.39 KB	02/15/2023 02:55:10 PM	rwxr-xr-x
📄 rsyslogd	668.54 KB	05/03/2022 09:20:37 AM	rwxr-xr-x
📄 rtcwake	42.08 KB	09/16/2020 06:43:15 PM	rwxr-xr-x
📄 sendmail	26.15 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 service	9.04 KB	10/25/2017 03:38:42 PM	rwxr-xr-x
📄 setvesablank	14.07 KB	01/22/2018 01:49:48 PM	rwxr-xr-x
📄 slapacl	1.2 MB	05/12/2022 01:52:38 PM	rwxr-xr-x
📄 slapadd	1.2 MB	05/12/2022 01:52:38 PM	rwxr-xr-x
📄 slapauth	1.2 MB	05/12/2022 01:52:38 PM	rwxr-xr-x
📄 slapcat	1.2 MB	05/12/2022 01:52:38 PM	rwxr-xr-x
📄 slapd	1.2 MB	05/12/2022 01:52:38 PM	rwxr-xr-x
📄 slapdn	1.2 MB	05/12/2022 01:52:38 PM	rwxr-xr-x
📄 slapindex	1.2 MB	05/12/2022 01:52:38 PM	rwxr-xr-x
📄 slappasswd	1.2 MB	05/12/2022 01:52:38 PM	rwxr-xr-x
📄 slapschema	1.2 MB	05/12/2022 01:52:38 PM	rwxr-xr-x
📄 slaptest	1.2 MB	05/12/2022 01:52:38 PM	rwxr-xr-x
📄 smtp-sink	30.93 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 smtp-source	22.02 KB	08/12/2021 12:43:19 PM	rwxr-xr-x
📄 split-logfile	2.36 KB	03/08/2023 05:34:33 PM	rwxr-xr-x
📄 sshd	772.41 KB	03/30/2022 01:17:14 PM	rwxr-xr-x
📄 tarcat	936 bytes	02/15/2023 02:55:10 PM	rwxr-xr-x
📄 tcpdump	999.6 KB	02/10/2023 06:11:16 PM	rwxr-xr-x
📄 tzconfig	106 bytes	04/03/2023 11:03:22 AM	rwxr-xr-x
📄 ufw	4.82 KB	10/25/2021 05:30:24 PM	rwxr-xr-x
📄 update-ca-certificates	5.27 KB	05/18/2023 01:09:37 PM	rwxr-xr-x
📄 update-grub	64 bytes	02/01/2023 05:49:01 PM	rwxr-xr-x
📄 update-grub-legacy-ec2	43.96 KB	03/24/2018 12:56:45 AM	rwxr-xr-x
📄 update-grub2	64 bytes	02/01/2023 05:49:01 PM	rwxr-xr-x
📄 update-gsfontmap	450 bytes	04/13/2023 01:09:22 PM	rwxr-xr-x
📄 update-icon-caches	596 bytes	04/02/2019 03:46:36 PM	rwxr-xr-x
📄 update-info-dir	1.66 KB	02/05/2018 02:48:18 PM	rwxr-xr-x
📄 update-initramfs	8.04 KB	03/18/2021 06:48:17 PM	rwxr-xr-x
📄 update-java-alternatives	3.09 KB	01/06/2017 12:03:20 PM	rwxr-xr-x
📄 update-locale	2.99 KB	05/03/2022 04:27:41 AM	rwxr-xr-x
📄 update-mime	8.84 KB	07/15/2016 12:06:12 PM	rwxr-xr-x
📄 update-passwd	30.41 KB	09/12/2017 09:48:16 PM	rwxr-xr-x
📄 update-pciids	2.84 KB	02/10/2019 06:25:12 PM	rwxr-xr-x
📄 update-rc.d	16.12 KB	10/25/2017 03:38:42 PM	rwxr-xr-x
📄 update-secureboot-policy	7.43 KB	01/31/2023 11:57:37 AM	rwxr-xr-x
📄 update-usbids	1.05 KB	04/21/2017 08:59:17 PM	rwxr-xr-x
📄 useradd	123.28 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 userdel	82.48 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 usermod	123.06 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 uuidd	34.16 KB	09/16/2020 06:43:15 PM	rwxr-xr-x
📄 validlocale	1.73 KB	12/07/2020 04:38:09 PM	rwxr-xr-x
📄 vcstime	9.99 KB	01/22/2018 01:49:48 PM	rwxr-xr-x
📄 vigr	60.18 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 vipw	60.18 KB	11/29/2022 12:25:19 PM	rwxr-xr-x
📄 visudo	208.8 KB	04/04/2023 12:44:58 PM	rwxr-xr-x
📄 vpddecode	14.27 KB	01/27/2020 06:09:10 PM	rwxr-xr-x
📄 xfs_admin	1.35 KB	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_bmap	638 bytes	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_copy	394.31 KB	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_db	667.63 KB	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_estimate	10.01 KB	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_freeze	767 bytes	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_fsr	30.02 KB	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_growfs	382.27 KB	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_info	472 bytes	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_io	130.93 KB	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_logprint	414.27 KB	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_mdrestore	370.28 KB	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_metadump	747 bytes	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_mkfile	1007 bytes	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_ncheck	650 bytes	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_quota	86.01 KB	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 xfs_rtcp	13.99 KB	04/18/2018 06:44:31 AM	rwxr-xr-x
📄 zerofree	9.99 KB	11/14/2016 02:44:00 PM	rwxr-xr-x
📄 zic	54.14 KB	05/03/2022 10:19:39 AM	rwxr-xr-x

Editing: apparmor_status

#! /usr/bin/python3
# ------------------------------------------------------------------
#
#    Copyright (C) 2005-2006 Novell/SUSE
#    Copyright (C) 2011 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

import re, os, sys, errno, json

# PLEASE NOTE: we try to keep aa-status as minimal as possible, for
# environments where installing all of the python utils and python
# apparmor module may not make sense. Please think carefully before
# importing anything from apparmor; see how the apparmor.fail import is
# handled below.

# setup exception handling
try:
    from apparmor.fail import enable_aa_exception_handler
    enable_aa_exception_handler()
except ImportError:
    # just let normal python exceptions happen (LP: #1480492)
    pass

def cmd_enabled():
    '''Returns error code if AppArmor is not enabled'''
    if get_profiles() == {}:
        sys.exit(2)

def cmd_profiled():
    '''Prints the number of loaded profiles'''
    profiles = get_profiles()
    sys.stdout.write("%d\n" % len(profiles))
    if profiles == {}:
        sys.exit(2)

def cmd_enforced():
    '''Prints the number of loaded enforcing profiles'''
    profiles = get_profiles()
    sys.stdout.write("%d\n" % len(filter_profiles(profiles, 'enforce')))
    if profiles == {}:
        sys.exit(2)

def cmd_complaining():
    '''Prints the number of loaded non-enforcing profiles'''
    profiles = get_profiles()
    sys.stdout.write("%d\n" % len(filter_profiles(profiles, 'complain')))
    if profiles == {}:
        sys.exit(2)

def cmd_verbose():
    '''Displays multiple data points about loaded profile set'''
    global verbose
    verbose = True
    profiles = get_profiles()
    processes = get_processes(profiles)

stdmsg("%d profiles are loaded." % len(profiles))
    for status in ('enforce', 'complain'):
        filtered_profiles = filter_profiles(profiles, status)
        stdmsg("%d profiles are in %s mode." % (len(filtered_profiles), status))
        for item in filtered_profiles:
                stdmsg("   %s" % item)

stdmsg("%d processes have profiles defined." % len(processes))
    for status in ('enforce', 'complain', 'unconfined'):
        filtered_processes = filter_processes(processes, status)
        if status == 'unconfined':
            stdmsg("%d processes are unconfined but have a profile defined." % len(filtered_processes))
        else:
            stdmsg("%d processes are in %s mode." % (len(filtered_processes), status))
        # Sort by name, and then by pid
        filtered_processes.sort(key=lambda x: int(x[0]))
        filtered_processes.sort(key=lambda x: x[1])
        for (pid, process) in filtered_processes:
            stdmsg("   %s (%s) " % (process, pid))

if profiles == {}:
        sys.exit(2)

def cmd_json(pretty_output=False):
    '''Outputs multiple data points about loaded profile set in a machine-readable JSON format'''
    global verbose
    profiles = get_profiles()
    processes = get_processes(profiles)

i = {
        'version': '1',
        'profiles': {},
        'processes': {}
    }

for status in ('enforce', 'complain'):
        filtered_profiles = filter_profiles(profiles, status)
        for item in filtered_profiles:
            i['profiles'][item] = status

for status in ('enforce', 'complain', 'unconfined'):
        filtered_processes = filter_processes(processes, status)
        for (pid, process) in filtered_processes:
            if process not in i['processes']:
                i['processes'][process] = []

i['processes'][process].append({
                'pid': pid,
                'status': status
            })

if pretty_output:
        sys.stdout.write(json.dumps(i, sort_keys=True, indent=4, separators=(',', ': ')))
    else:
        sys.stdout.write(json.dumps(i))

def cmd_pretty_json():
    cmd_json(True)

def get_profiles():
    '''Fetch loaded profiles'''

profiles = {}

if os.path.exists("/sys/module/apparmor"):
        stdmsg("apparmor module is loaded.")
    else:
        errormsg("apparmor module is not loaded.")
        sys.exit(1)

apparmorfs = find_apparmorfs()
    if not apparmorfs:
        errormsg("apparmor filesystem is not mounted.")
        sys.exit(3)

apparmor_profiles = os.path.join(apparmorfs, "profiles")
    try:
        f = open(apparmor_profiles)
    except IOError as e:
        if e.errno == errno.EACCES:
            errormsg("You do not have enough privilege to read the profile set.")
        else:
            errormsg("Could not open %s: %s" % (apparmor_profiles, os.strerror(e.errno)))
        sys.exit(4)

for p in f.readlines():
        match = re.search("^([^$]+)\s+\((\w+)$$", p)
        profiles[match.group(1)] = match.group(2)

f.close()

return profiles

def get_processes(profiles):
    '''Fetch process list'''
    processes = {}
    contents = os.listdir("/proc")
    for filename in contents:
        if filename.isdigit():
            try:
                for p in open("/proc/%s/attr/current" % filename).readlines():
                    match = re.search("^([^$]+)\s+\((\w+)$$", p)
                    if match:
                        processes[filename] = { 'profile' : match.group(1), \
                                                'mode' : match.group(2) }
                    elif os.path.realpath("/proc/%s/exe" % filename) in profiles:
                        # keep only unconfined processes that have a profile defined
                        processes[filename] = { 'profile' : os.path.realpath("/proc/%s/exe" % filename), \
                                                'mode' : 'unconfined' }
            except:
                pass
    return processes

def filter_profiles(profiles, status):
    '''Return a list of profiles that have a particular status'''
    filtered = []
    for key, value in list(profiles.items()):
        if value == status:
            filtered.append(key)
    filtered.sort()
    return filtered

def filter_processes(processes, status):
    '''Return a list of processes that have a particular status'''
    filtered = []
    for key, value in list(processes.items()):
        if value['mode'] == status:
            filtered.append([key, value['profile']])
    return filtered

def find_apparmorfs():
    '''Finds AppArmor mount point'''
    for p in open("/proc/mounts","rb").readlines():
        if p.split()[2].decode() == "securityfs" and \
           os.path.exists(os.path.join(p.split()[1].decode(), "apparmor")):
            return os.path.join(p.split()[1].decode(), "apparmor")
    return False

def errormsg(message):
    '''Prints to stderr if verbose mode is on'''
    global verbose
    if verbose:
        sys.stderr.write(message + "\n")

def stdmsg(message):
    '''Prints to stdout if verbose mode is on'''
    global verbose
    if verbose:
        sys.stdout.write(message + "\n")

def print_usage():
    '''Print usage information'''
    sys.stdout.write('''Usage: %s [OPTIONS]
Displays various information about the currently loaded AppArmor policy.
OPTIONS (one only):
  --enabled       returns error code if AppArmor not enabled
  --profiled      prints the number of loaded policies
  --enforced      prints the number of loaded enforcing policies
  --complaining   prints the number of loaded non-enforcing policies
  --json          displays multiple data points in machine-readable JSON format
  --pretty-json   same data as --json, formatted for human consumption as well
  --verbose       (default) displays multiple data points about loaded policy set
  --help          this message
''' % sys.argv[0])

# Main
global verbose
verbose = False

if len(sys.argv) > 2:
    sys.stderr.write("Error: Too many options.\n")
    print_usage()
    sys.exit(1)
elif len(sys.argv) == 2:
    cmd = sys.argv.pop(1)
else:
    cmd = '--verbose'

# Command dispatch:
commands = {
    '--enabled'      : cmd_enabled,
    '--profiled'     : cmd_profiled,
    '--enforced'     : cmd_enforced,
    '--complaining'  : cmd_complaining,
    '--json'         : cmd_json,
    '--pretty-json'  : cmd_pretty_json,
    '--verbose'      : cmd_verbose,
    '-v'             : cmd_verbose,
    '--help'         : print_usage,
    '-h'             : print_usage
}

if cmd in commands:
    commands[cmd]()
    sys.exit(0)
else:
    sys.stderr.write("Error: Invalid command.\n")
    print_usage()
    sys.exit(1)