build: root -> share.

2024-10-11 22:31:06 +01:00 · 2024-10-11 22:31:06 +01:00 · ebdeef152c
commit ebdeef152c
parent 116272b8ad
7 changed files with 6 additions and 5 deletions
--- a/share/bash-completion/completions/aa-log
+++ b/share/bash-completion/completions/aa-log
@ -0,0 +1,26 @@
+# aa-log completion
+
+_aa-log() {
+	COMPREPLY=()
+	local cur="${COMP_WORDS[COMP_CWORD]}"
+	local args=(-f --file -s --systemd -r --rules -R -raw -h --help)
+	local lastarg="${COMP_WORDS[$COMP_CWORD-1]}"
+	COMPREPLY+=($(compgen -W "${args[*]}" -- ${cur}))
+	if [[ $lastarg == "-f" ]]; then
+		COMPREPLY+=($(compgen -W "$(__aa_files)" -- ${cur}))
+		COMPREPLY+=($(compgen -o filenames -A file -- ${cur}))
+	else
+		COMPREPLY+=($(compgen -W "${args[*]}" -- ${cur}))
+		COMPREPLY+=($(compgen -W "$(__aa_profiles)" -- ${cur}))
+	fi
+}
+
+__aa_files() {
+	find /var/log/audit/ -type f -printf '%P\n' | cut -d '.' -f 3
+}
+
+__aa_profiles() {
+	find -L /etc/apparmor.d -maxdepth 1 -type f -printf '%P\n' | sort
+}
+
+complete -F _aa-log aa-log
--- a/share/libalpm/hooks/apparmor.hook
+++ b/share/libalpm/hooks/apparmor.hook
@ -0,0 +1,11 @@
+[Trigger]
+Type = Path
+Operation = Install
+Operation = Upgrade
+Operation = Remove
+Target = etc/apparmor.d/*
+
+[Action]
+Description = Reloading AppArmor service...
+When = PostTransaction
+Exec = /usr/bin/systemctl reload apparmor.service
--- a/share/man/man8/aa-log.8
+++ b/share/man/man8/aa-log.8
@ -0,0 +1,79 @@
+.\" Automatically generated by Pandoc 3.1.9
+.\"
+.TH "aa-log" "8" "September 2024" "" ""
+.SH NAME
+aa-log \[em] Review AppArmor generated messages in a colorful way.
+.SH SYNOPSIS
+\f[B]aa-log\f[R] [\f[I]options\&...\f[R]] [\f[I]profile\f[R]]
+.SH DESCRIPTION
+Review AppArmor generated messages in a colourful way.
+Support logs from \f[I]auditd\f[R], \f[I]systemd\f[R], \f[I]syslog\f[R]
+as well as \f[I]dbus session\f[R] events.
+.PP
+It can be given an optional profile name to filter the output with.
+.PP
+It can be used to generate AppArmor rules from the logs and it therefore
+an alternative to \f[CR]aa-logprof(8)\f[R].
+The generated rules should be manually reviewed and inserted into the
+profile.
+.PP
+Default logs are read from \f[CR]/var/log/audit/audit.log\f[R].
+Other files in \f[CR]/var/log/audit/\f[R] can easily be checked:
+\f[B]aa-log -f 1\f[R] parses \f[CR]audit.log.1\f[R]
+.SH OPTIONS
+\f[B]aa-log\f[R] [\f[I]options\&...\f[R]] [\f[I]profile\f[R]]
+.TP
+[\f[I]profile\f[R]]
+Optional profile name to filter the output with.
+.TP
+\f[CR]--file\f[R], \f[CR]-f\f[R]
+Set a logfile or a suffix to the default log file.
+.TP
+\f[CR]--systemd\f[R], \f[CR]-s\f[R]
+Parse systemd logs from journalctl.
+Provides all AppArmor logs since the last boot.
+.TP
+\f[CR]--rules\f[R], \f[CR]-r\f[R]
+Convert the log into AppArmor rules.
+.TP
+\f[CR]--raw\f[R], \f[CR]-R\f[R]
+Print the raw log without any formatting.
+Useful for reporting logs.
+.TP
+\f[CR]--help\f[R], \f[CR]-h\f[R]
+Print the program usage.
+.SH USAGE
+To read the AppArmor log from \f[CR]/var/log/audit/audit.log\f[R]:
+.IP
+.EX
+aa-log
+.EE
+.PP
+To optionally filter a given profile name:
+\f[CR]aa-log <profile-name>\f[R] (your shell will autocomplete the
+profile name):
+.IP
+.EX
+$ aa-log dnsmasq
+DENIED  dnsmasq open /proc/sys/kernel/osrelease comm=dnsmasq requested_mask=r denied_mask=r
+DENIED  dnsmasq open /proc/1/environ comm=dnsmasq requested_mask=r denied_mask=r
+DENIED  dnsmasq open /proc/cmdline comm=dnsmasq requested_mask=r denied_mask=r
+.EE
+.PP
+To generate AppArmor rule:
+.IP
+.EX
+$ aa-log -r dnsmasq
+profile dnsmasq {
+  \[at]{PROC}/\[at]{pid}/environ r,
+  \[at]{PROC}/cmdline r,
+  \[at]{PROC}/sys/kernel/osrelease r,
+}
+.EE
+.SH SEE ALSO
+\f[CR]aa-logprof(8)\f[R], \f[CR]apparmor(7)\f[R],
+\f[CR]apparmor.d(5)\f[R], \f[CR]aa-genprof(1)\f[R],
+\f[CR]aa-enforce(1)\f[R], \f[CR]aa-complain(1)\f[R],
+\f[CR]aa-disable(1)\f[R], and https://apparmor.pujol.io.
+.SH AUTHORS
+aa-log was written by Alexandre Pujol (alexandre\[at]pujol.io).
--- a/share/man/man8/aa-log.md
+++ b/share/man/man8/aa-log.md
@ -0,0 +1,80 @@
+% aa-log(8)
+% aa-log was written by Alexandre Pujol (alexandre@pujol.io)
+% September 2024
+
+# NAME
+
+aa-log — Review AppArmor generated messages in a colorful way.
+
+# SYNOPSIS
+
+**aa-log** [*options…*] [*profile*]
+
+# DESCRIPTION
+
+Review AppArmor generated messages in a colourful way. Support logs from *auditd*, *systemd*, *syslog* as well as *dbus session* events.
+
+It can be given an optional profile name to filter the output with.
+
+It can be used to generate AppArmor rules from the logs and it therefore an alternative to `aa-logprof(8)`. The generated rules should be manually reviewed and inserted into the profile.
+
+Default logs are read from `/var/log/audit/audit.log`. Other files in `/var/log/audit/` can easily be checked: **aa-log -f 1** parses `audit.log.1`
+
+# OPTIONS
+
+**aa-log** [*options…*] [*profile*]
+
+[*profile*]
+
+: Optional profile name to filter the output with.
+
+`--file`, `-f`
+
+: Set a logfile or a suffix to the default log file.
+
+`--systemd`, `-s`
+
+: Parse systemd logs from journalctl. Provides all AppArmor logs since the last boot.
+
+`--rules`, `-r`
+
+: Convert the log into AppArmor rules.
+
+`--raw`, `-R`
+
+: Print the raw log without any formatting. Useful for reporting logs.
+
+`--help`, `-h`
+
+: Print the program usage.
+
+
+# USAGE
+
+To read the AppArmor log from `/var/log/audit/audit.log`:
+```sh
+aa-log
+```
+
+To optionally filter a given profile name: `aa-log <profile-name>` (your shell will autocomplete the profile name):
+```
+$ aa-log dnsmasq
+DENIED  dnsmasq open /proc/sys/kernel/osrelease comm=dnsmasq requested_mask=r denied_mask=r
+DENIED  dnsmasq open /proc/1/environ comm=dnsmasq requested_mask=r denied_mask=r
+DENIED  dnsmasq open /proc/cmdline comm=dnsmasq requested_mask=r denied_mask=r
+```
+
+To generate AppArmor rule:
+```
+$ aa-log -r dnsmasq
+profile dnsmasq {
+  @{PROC}/@{pid}/environ r,
+  @{PROC}/cmdline r,
+  @{PROC}/sys/kernel/osrelease r,
+}
+```
+
+# SEE ALSO
+
+`aa-logprof(8)`, `apparmor(7)`, `apparmor.d(5)`, `aa-genprof(1)`, `aa-enforce(1)`, `aa-complain(1)`, `aa-disable(1)`, and
+https://apparmor.pujol.io.
--- a/share/zsh/site-functions/_aa-log.zsh
+++ b/share/zsh/site-functions/_aa-log.zsh
@ -0,0 +1,25 @@
+#compdef aa-log
+#autoload
+
+_aa-log() {
+	local IFS=$'\n'
+	_arguments : \
+		{-f,--file}'[set a logfile or a suffix to the default log file]:FILE:__aa_files' \
+		{-s,--systemd}'[parse systemd logs from journalctl]' \
+		{-r,--rules}'[convert the log into AppArmor rules]' \
+		{-R,--raw}'[print the raw log without any formatting]' \
+		{-h,--help}'[display help information]'
+
+	_values -C 'profile names' ${$(__aa_profiles):-""}
+}
+
+__aa_files() {
+	find /var/log/audit/ -type f -printf '%P\n' | cut -d '.' -f 3
+	_files
+}
+
+__aa_profiles() {
+	find -L /etc/apparmor.d -maxdepth 1 -type f -printf '%P\n' | sort
+}
+
+_aa-log