Hi All,
I am trying to use a global/system-wide AppArmor profile to restrict the
execution of any scripts from the /tmp folder.
As a first step, I added this entry (audit deny /tmp/* x,) and I was
expecting AppArmor audit logs while executing the script from /tmp/ (sh
/tmp/foo.sh).
Can you please suggest the inputs to get "audit" logs while executing any
script from the /tmp/ folder?
cat global
profile global /** flags=(attach_disconnected) {
  signal,
  ptrace,
  capability,
  audit deny /tmp/* x,
  allow / r,
  allow /** pix,
  allow /** rwlkm,
}
Thanks
Murali.S