AppArmor


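AppArmor allows you to further shield your TeamSpeak instance from code-based attacks by restricting the files and network access available to the server process. This is a SAMPLE profile and WILL need to be changed so it works on your system. The profile is set to complain mode by default, which only logs policy violations without blocking them, so you will need to switch it to enforce mode with the aa-enforce command before it provides any protection.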

# Last Modified: Thu Oct 22 19:18:38 2020

#include <tunables/global>

# vim:syntax=apparmor

# AppArmor policy for ts3server

# TeamSpeak.wiki 2020

# No template variables specified

# Confinement profile attached to the ts3server binary by its absolute path.
# flags=(complain) puts the profile in complain mode: accesses outside these
# rules are logged rather than denied, so nothing below is enforced until the
# profile is switched to enforce mode.
/home/teamspeak/teamspeak3-server_linux-amd64/ts3server flags=(complain) {
  #include <abstractions/base>

  # --- Network -------------------------------------------------------------
  # IPv4 datagram and stream sockets, IPv6 datagram sockets, raw netlink.
  # NOTE(review): there is no "network inet6 stream" rule. If the server is
  # expected to accept IPv6 stream connections, confirm in the complain-mode
  # log whether that rule is needed before enforcing.
  network inet dgram,
  network inet stream,
  network inet6 dgram,
  network netlink raw,

  # --- System files --------------------------------------------------------
  /etc/hosts r,

  # --- File-transfer storage -----------------------------------------------
  # "owner" limits each rule to files owned by the user the process runs as.
  # In AppArmor globs "**" also matches "/", so virtualserver_** and
  # channel_** reach further than a single directory level.
  # NOTE(review): consider narrowing to "*" where one path component is
  # intended; verify against the real directory layout first.
  owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/channel_**/ r,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/channel_**/* rw,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/ r,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/avatar_** rw,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/icons/ r,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/icons/icon_** r,

  # --- Read-only configuration and data ------------------------------------
  owner /home/teamspeak/teamspeak3-server_linux-amd64/.ts3server_license_accepted r,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/query_ip_blacklist.txt r,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/query_ip_whitelist.txt r,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/GeoLite2-Country.mmdb r,

  # --- Bundled shared libraries --------------------------------------------
  # NOTE(review): these are granted "r" only. Libraries that are mapped
  # executable normally also need "m"; check the complain-mode log for
  # denied mmap requests before enforcing.
  owner /home/teamspeak/teamspeak3-server_linux-amd64/redist/libmariadb.so.2 r,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/libts3_ssh.so r,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/libts3db_mariadb.so r,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/libts3db_sqlite3.so r,

  # --- Files the server writes ---------------------------------------------
  # NOTE(review): every rule in this group grants "w" without "r" (and
  # without "k" for file locking). Anything the server has to read back,
  # such as the SQLite database, the ini file or the SSH host key, would be
  # denied under enforce mode; confirm the required modes from the log.
  owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.sqlitedb w,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.sqlitedb-shm w,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.sqlitedb-wal w,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/ssh_host_rsa_key w,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.ini w,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.pid w,
  owner /home/teamspeak/teamspeak3-server_linux-amd64/licensekey.dat w,
}