Main Inclusion Report for apparmor
Requirements
- Availability: http://archive.ubuntu.com/ubuntu/pool/universe/a/apparmor/; available for i386, amd64, ppc, ppc64.
Rationale:
- AppArmor (http://en.opensuse.org/Apparmor) proactively protects the system from security threats, both internal and external. It confines each application so that it can only access the resources it is meant to access. In this way the system is protected against both known and unknown threats.
- For each application we want to protect or harden, a security profile is created. The profile describes which files or devices the application is allowed to read, write and/or execute.
Security:
- CVE entries (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apparmor): None
- Secunia history (http://secunia.com/search/?search=apparmor): Suse kernel update (http://secunia.com/advisories/21179/)
- All management scripts (written in Perl) have to run as root, because they access information in /sys/kernel/security/apparmor/. There is also a module loaded into the kernel. AppArmor comes with a daemon, 'aa-eventd', that scans log files to extract AppArmor audit messages and puts them into an SQLite database for later analysis. It is not started by default.
- Network activity: None.
- Source code review:
  - kernel module: No.
  - User space utilities: I've improved some management scripts, so I've looked at the code a little bit.
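To make the aa-eventd pipeline described above concrete (scanning syslog for AppArmor audit messages and storing them in an SQLite database for later reporting), here is an added Python example; it is not the package's own aa-eventd or Report.pm code. The sample log lines are constructed and use a simplified form of the kernel's audit message layout (real lines vary by kernel version). The record type numbers 1502 (AUDIT_APPARMOR_ALLOWED) and 1503 (AUDIT_APPARMOR_DENIED) are taken from the kernel's audit.h; the distinction matters because a profile in complain mode only logs a violation as ALLOWED instead of blocking it, so the summary also shows which profiles are still providing no protection.

```python
import re
import sqlite3

# Audit record types for AppArmor from the Linux kernel's audit.h:
# 1502 = AUDIT_APPARMOR_ALLOWED (violation logged but permitted: complain mode)
# 1503 = AUDIT_APPARMOR_DENIED  (violation refused: enforce mode)
AUDIT_APPARMOR_ALLOWED = 1502
AUDIT_APPARMOR_DENIED = 1503

# Constructed sample syslog lines (not from a real system). The layout
# 'audit(<secs>.<ms>:<serial>): type=<n> key="value" ...' is a simplified
# form of the kernel's AppArmor audit messages; real lines vary by kernel
# version. One unrelated sshd line is included to show that it is skipped.
SAMPLE_SYSLOG = """\
Oct 15 12:25:50 host kernel: audit(1192453550.164:14): type=1503 operation="inode_permission" requested_mask="w::" denied_mask="w::" name="/etc/shadow" pid=4567 profile="/usr/sbin/cupsd"
Oct 15 12:25:51 host kernel: audit(1192453551.001:15): type=1502 operation="inode_permission" requested_mask="r::" denied_mask="r::" name="/etc/hosts.deny" pid=4570 profile="/usr/bin/evince"
Oct 15 12:25:52 host kernel: audit(1192453552.310:16): type=1503 operation="inode_permission" requested_mask="x::" denied_mask="x::" name="/bin/sh" pid=4567 profile="/usr/sbin/cupsd"
Oct 15 12:25:53 host kernel: audit(1192453553.020:17): type=1505 info="AppArmor initialized"
Oct 15 12:25:54 host sshd[4600]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2
Oct 15 12:25:55 host kernel: audit(1192453555.777:18): type=1502 operation="inode_permission" requested_mask="w::" denied_mask="w::" name="/home/alice/.bashrc" pid=4570 profile="/usr/bin/evince"
"""

# Matches 'audit(1192453550.164:14): type=1503 <rest of line>'
AUDIT_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): type=(?P<type>\d+)(?P<rest>.*)$"
)
# Matches key="quoted value" or key=bare_value
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_audit_line(line):
    """Return a dict for an AppArmor audit line, or None for any other syslog line."""
    m = AUDIT_RE.search(line)
    if m is None:
        return None
    event = {
        "ts": float(m.group("ts")),
        "serial": int(m.group("serial")),
        "type": int(m.group("type")),
    }
    for key, quoted, bare in KV_RE.findall(m.group("rest")):
        event[key] = quoted if quoted else bare
    return event


def load_events(syslog_text):
    """Parse syslog text and load ALLOWED/DENIED events into an in-memory SQLite db."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (ts REAL, serial INTEGER, type INTEGER, operation TEXT, "
        "profile TEXT, name TEXT, pid INTEGER, denied_mask TEXT)"
    )
    for line in syslog_text.splitlines():
        ev = parse_audit_line(line)
        if ev is None or ev["type"] not in (AUDIT_APPARMOR_ALLOWED, AUDIT_APPARMOR_DENIED):
            continue  # status messages and non-AppArmor lines are not access events
        conn.execute(
            "INSERT INTO events VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
            (ev["ts"], ev["serial"], ev["type"], ev.get("operation"),
             ev.get("profile"), ev.get("name"),
             int(ev["pid"]) if "pid" in ev else None, ev.get("denied_mask")),
        )
    conn.commit()
    return conn


def summarize(conn):
    """Per profile: (profile, denied_count, allowed_in_complain_count), sorted by profile."""
    rows = conn.execute(
        "SELECT profile, SUM(type = ?), SUM(type = ?) FROM events "
        "GROUP BY profile ORDER BY profile",
        (AUDIT_APPARMOR_DENIED, AUDIT_APPARMOR_ALLOWED),
    ).fetchall()
    return [(profile, int(denied), int(allowed)) for profile, denied, allowed in rows]


def permissive_profiles(conn):
    """Profiles that logged violations without blocking them, i.e. still in complain mode."""
    return [profile for profile, _denied, allowed in summarize(conn) if allowed > 0]


if __name__ == "__main__":
    db = load_events(SAMPLE_SYSLOG)
    for profile, denied, allowed in summarize(db):
        print(f"{profile}: denied={denied} allowed(complain)={allowed}")
    print("profiles still in complain mode:", permissive_profiles(db))
```

On the sample input the enforce-mode profile for cupsd shows two denials, while the evince profile shows two permitted violations, which is exactly the "logged but not protected" situation a reviewer would want surfaced before switching profiles to enforce mode.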
Quality assurance:
- In what situations does the package not work out of the box without configuration?
- All the profiles are in complain mode by default, so no improved security is provided by default. The user has to put the profiles into enforce mode via the command line. This is done to avoid breaking users' systems, since the profiles are not well tested yet. In the long term, profiles should be shipped in enforce mode by default to provide additional security out of the box.
- aa-eventd is used to dump audit messages into an SQLite database. The database is then accessed by the Perl module Report.pm (currently used only by YaST, which is not packaged). Report.pm uses ycp (a Perl module from YaST), which is not packaged at all. Neither aa-eventd nor Report.pm is required for the AppArmor framework to work; they provide reporting functionality. They depend on libtimedate-perl, libdbd-sqlite3-perl and libfile-tail-perl (currently in universe). Audit messages are currently logged to syslog. In the long term, the audit daemon is planned to be used. See "aa-eventd dependencies missing (from apparmor-utils)" (https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/116921) and AppArmorGutsy.
- The AppArmor module is included in linux-ubuntu-modules. It has been submitted by upstream for inclusion into the mainline kernel, but it hasn't been accepted yet.
- Does the package ask any debconf questions higher than priority 'medium'? No.
- AppArmor is not packaged in Debian. A request was made: "RFP: apparmor -- an application security framework for high security and easy usability" (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=347558), but the bug was closed.
- Upstream maintenance (http://en.opensuse.org/Apparmor) is vigorous. It is backed by Novell and included in SLES/Suse Linux/OpenSuse.
- Upstream bug tracker: https://bugzilla.novell.com/ (Classification: opensuse, Component: AppArmor)
- Hardware: No
Standards compliance:
- FHS (http://www.pathname.com/fhs/), Debian Policy (http://www.de.debian.org/doc/debian-policy/) compliance: Yes
- Debian library packaging guide (http://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html) standards compliance: No library.
- Packaging system (debhelper/cdbs/dbs): debhelper
- Patch system: dpatch.
Dependencies:
- in main:
  - perl
  - libc6
  - upstart-compat-sysv
  - liblocale-gettext-perl
Background information:
- What does upstream call this software: AppArmor.
- Has it had different names in the past: The first name was subdomain; development started at Immunix in 97/98. It was renamed to AppArmor in January 2004. Novell bought Immunix in 2005 to include AppArmor in their Linux products (i.e. SLES, Suse Linux, OpenSuse). The project is currently supported by Novell.
Reviewers
MartinPitt: support team gave thumbs up, infrastructure packages are good; -profiles stays in universe for now
MainInclusionReportApparmor (last edited 2008-08-06 16:20:53 by localhost)