felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(aa-log): more log cleanup.

Browse source
This commit is contained in:
Alexandre Pujol 2023-10-10 23:47:31 +01:00
parent 0b412b5713
commit 11ca694af7
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
6 changed files with 24 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

13
pkg/logs/logs.go
View file

@ -59,13 +59,14 @@ var (
`@{PROC}/@{pid}/task/[0-9]*/`, `@{PROC}/@{pid}/task/@{tid}/`,
`/sys/`, `@{sys}/`,
`@{PROC}@{sys}/`, `@{PROC}/sys/`,
`pci[0-9][0-9][0-9][0-9]:[0-9][0-9]`, `@{pci_bus}`,
`@{pci_bus}/([0-9][0-9][0-9][0-9]:[0-9][0-9]:[0-9a-f][0-9a-f]\.[0-9]/)+`, `@{pci}/`,
`pci[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]`, `@{pci_bus}`,
// Some system glob
`:1.[0-9]*`, `:*`, // dbus peer name
`@{bin}/(|ba|da)sh`, `@{bin}/{,ba,da}sh`, // collect all shell
`@{lib}/modules/[^/]+\/`, `@{lib}/modules/*/`, // strip kernel version numbers from kernel module accesses
`[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]`, `@{uuid}`,
`[0-9][0-9][0-9][0-9][0-9][0-9]+`, `@{int}`,
// Remove basic rules from abstractions/base
`(?m)^.*/etc/[^/]+so.*$`, ``,
@ -114,14 +115,6 @@ func NewApparmorLogs(file io.Reader, profile string) AppArmorLogs {
aa[kv[0]] = strings.Trim(kv[1], `"`)
}
}
aa["profile"] = util.DecodeHex(aa["profile"])
toDecode := []string{"name", "comm"}
for _, name := range toDecode {
if value, ok := aa[name]; ok {
aa[name] = util.DecodeHex(value)
}
}
aaLogs = append(aaLogs, aa)
}