From f25c2c4d9ebad095f93bcec32e94cdabb9c12c64 Mon Sep 17 00:00:00 2001 From: Julia Sarris Date: Thu, 1 May 2025 10:00:33 -0400 Subject: [PATCH 1/5] initial john the ripper --- profiles/apparmor.d/john | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 profiles/apparmor.d/john diff --git a/profiles/apparmor.d/john b/profiles/apparmor.d/john new file mode 100644 index 000000000..3161846ef --- /dev/null +++ b/profiles/apparmor.d/john @@ -0,0 +1,25 @@ +abi , + +include + +profile john /usr/sbin/john { + include + include + include + include if exists + + /usr/sbin/john mr, + @{etc_ro}/john/john.conf r, + @{etc_ro}/nsswitch.conf r, + @{etc_ro}/passwd r, + owner @{HOME}* r, + owner @{HOME}*.log wk, + owner @{HOME}*.rec wk, + owner @{HOME}.john/ w, + owner @{HOME}.john/*.log wk, + owner @{HOME}.john/*.pot rw, + owner @{HOME}.john/*.rec rwk, + owner @{etc_ro}/shadow r, + +} + From bef7b32d24dcb868b75639a5c4671190139e41f5 Mon Sep 17 00:00:00 2001 From: Julia Sarris Date: Tue, 20 May 2025 14:42:50 -0400 Subject: [PATCH 2/5] john update --- profiles/apparmor.d/john | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/profiles/apparmor.d/john b/profiles/apparmor.d/john index 3161846ef..c3914aa9c 100644 --- a/profiles/apparmor.d/john +++ b/profiles/apparmor.d/john @@ -1,25 +1,20 @@ abi , - include profile john /usr/sbin/john { include include - include + include include if exists /usr/sbin/john mr, - @{etc_ro}/john/john.conf r, - @{etc_ro}/nsswitch.conf r, - @{etc_ro}/passwd r, - owner @{HOME}* r, - owner @{HOME}*.log wk, - owner @{HOME}*.rec wk, - owner @{HOME}.john/ w, - owner @{HOME}.john/*.log wk, - owner @{HOME}.john/*.pot rw, - owner @{HOME}.john/*.rec rwk, - owner @{etc_ro}/shadow r, + /** r, + + deny @{HOME}/.* rwl, + + @{HOME}/.john/ rw, + @{HOME}/.john/*.log rwk, + @{HOME}/.john/*.pot rwk, + @{HOME}/.john/*.rec rwk, } - From f3829209502588104d105af4164ad33a28608948 Mon Sep 17 00:00:00 2001 
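Review bot: The `owner @{etc_ro}/shadow r,` rule at the end of the profile body has no comment, and its effect is easy to misread. `owner` matches only when the process's fsuid owns the file, so the shadow read is granted only when john runs as that file's owner (normally root). A comment above it such as `# shadow is root-owned: the owner qualifier keeps this read to john run as root` would record that intent. The file also opens directly at the `abi` line, with no header comment saying what the profile confines.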
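Review bot: The new `/** r,` rule lets the confined process read every path that an included abstraction does not explicitly deny. It replaces the narrow reads of the previous revision, including the `owner`-qualified shadow rule, with a deny-list model. The accompanying `deny @{HOME}/.* rwl,` only matches entries directly under the home directory, because `*` does not cross `/`, so files inside dot-directories stay readable through `/** r,`. The broad rule remains as unchanged context in the hunks of patches 3 and 5. If john has to open hash files and wordlists at arbitrary paths, consider scoping that to the invoking user with `owner @{HOME}/** r,` next to explicit rules for its configuration, or at least record the trade-off with a comment such as `# broad read: hash files and wordlists may live anywhere`.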
From: Julia Sarris Date: Mon, 2 Jun 2025 09:50:44 -0400 Subject: [PATCH 3/5] private files strict --- profiles/apparmor.d/john | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/profiles/apparmor.d/john b/profiles/apparmor.d/john index c3914aa9c..905448404 100644 --- a/profiles/apparmor.d/john +++ b/profiles/apparmor.d/john @@ -5,14 +5,13 @@ profile john /usr/sbin/john { include include include + include include if exists /usr/sbin/john mr, /** r, - deny @{HOME}/.* rwl, - @{HOME}/.john/ rw, @{HOME}/.john/*.log rwk, @{HOME}/.john/*.pot rwk, From edf42d4f79bab27fbbe06799fe0e22d07536bd0d Mon Sep 17 00:00:00 2001 From: Julia Sarris Date: Mon, 2 Jun 2025 09:58:53 -0400 Subject: [PATCH 4/5] nameservice strict --- profiles/apparmor.d/john | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/apparmor.d/john b/profiles/apparmor.d/john index 905448404..a6edc4fc6 100644 --- a/profiles/apparmor.d/john +++ b/profiles/apparmor.d/john @@ -4,7 +4,7 @@ include profile john /usr/sbin/john { include include - include + include include include if exists From d9d17765799ef9bdd46149c16bf570e8944fa364 Mon Sep 17 00:00:00 2001 From: Julia Sarris Date: Mon, 2 Jun 2025 16:29:57 -0400 Subject: [PATCH 5/5] add owner back to rule lines --- profiles/apparmor.d/john | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/profiles/apparmor.d/john b/profiles/apparmor.d/john index a6edc4fc6..0eced2f19 100644 --- a/profiles/apparmor.d/john +++ b/profiles/apparmor.d/john @@ -12,8 +12,8 @@ profile john /usr/sbin/john { /** r, - @{HOME}/.john/ rw, - @{HOME}/.john/*.log rwk, - @{HOME}/.john/*.pot rwk, - @{HOME}/.john/*.rec rwk, + owner @{HOME}/.john/ rw, + owner @{HOME}/.john/*.log rwk, + owner @{HOME}/.john/*.pot rwk, + owner @{HOME}/.john/*.rec rwk, }
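Review bot: The four `owner @{HOME}/.john/...` rules have no comment saying what each file class holds, which matters here because the `.pot` file is where john stores recovered plaintexts. A one-line comment above them, for example `# per-user session state: .log, .pot (cracked passwords), .rec (crash recovery)`, would explain why these rules are owner-restricted. The profile block starts above this hunk, so the includes and the remaining rules are not visible here.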