AppArmor: Difference between revisions
(Created page with "AppArmor allows you to further shield your TeamSpeak instance from code based attacks. This is a SAMPLE profile and WILL need to eb changed so it works on your system. <block...") |
No edit summary |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
AppArmor allows you to further shield your TeamSpeak instance from code based attacks. This is a SAMPLE profile and WILL need to eb changed so it works on your system. | AppArmor allows you to further shield your TeamSpeak instance from code based attacks. This is a SAMPLE profile and WILL need to eb changed so it works on your system. The profile is set to complain mode by default so you will need to enable it with the aa-enforce command to enable it.<blockquote> | ||
< | <nowiki># Last Modified: Thu Oct 22 19:18:38 2020</nowiki> | ||
#include <tunables/global> | <nowiki>#include <tunables/global></nowiki> | ||
# vim:syntax=apparmor | <nowiki># vim:syntax=apparmor</nowiki> | ||
# AppArmor policy for ts3server | <nowiki># AppArmor policy for ts3server</nowiki> | ||
# | <nowiki># TeamSpeak.wiki/nowiki> | ||
# | <nowiki># 2020</nowiki> | ||
<nowiki># No template variables specified</nowiki> | |||
# No template variables specified | |||
/home/teamspeak/teamspeak3-server_linux-amd64/ts3server flags=(complain) { | /home/teamspeak/teamspeak3-server_linux-amd64/ts3server flags=(complain) { | ||
#include <abstractions/base> | <nowiki> #include <abstractions/base></nowiki> | ||
network inet dgram, | network inet dgram, | ||
| Line 75: | Line 73: | ||
owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.pid w, | owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.pid w, | ||
owner /home/teamspeak/teamspeak3-server_linux-amd64/licensekey.dat w,</blockquote> | owner /home/teamspeak/teamspeak3-server_linux-amd64/licensekey.dat w, | ||
}</blockquote> | |||
Latest revision as of 05:45, 6 January 2021
AppArmor allows you to further shield your TeamSpeak instance from code based attacks. This is a SAMPLE profile and WILL need to eb changed so it works on your system. The profile is set to complain mode by default so you will need to enable it with the aa-enforce command to enable it.
# Last Modified: Thu Oct 22 19:18:38 2020
#include <tunables/global>
# vim:syntax=apparmor
# AppArmor policy for ts3server
# TeamSpeak.wiki/nowiki> <nowiki># 2020
# No template variables specified
/home/teamspeak/teamspeak3-server_linux-amd64/ts3server flags=(complain) {
#include <abstractions/base>
network inet dgram,
network inet stream,
network inet6 dgram,
network netlink raw,
/etc/hosts r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/channel_**/ r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/channel_**/* r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/channel_**/* w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/ r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/avatar_** r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/avatar_** w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/icons/ r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/icons/icon_** r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/.ts3server_license_accepted r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/query_ip_blacklist.txt r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/query_ip_whitelist.txt r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/GeoLite2-Country.mmdb r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/redist/libmariadb.so.2 r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/libts3_ssh.so r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/libts3db_mariadb.so r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/libts3db_sqlite3.so r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.sqlitedb w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.sqlitedb-shm w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.sqlitedb-wal w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/ssh_host_rsa_key w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.ini w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.pid w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/licensekey.dat w,
}