AppArmor: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
AppArmor allows you to further shield your TeamSpeak instance from code based attacks. This is a SAMPLE profile and WILL need to eb changed so it works on your system. The profile is set to complain mode by default so you will need to enable it with the aa-enforce command to enable it. | AppArmor allows you to further shield your TeamSpeak instance from code based attacks. This is a SAMPLE profile and WILL need to eb changed so it works on your system. The profile is set to complain mode by default so you will need to enable it with the aa-enforce command to enable it.<blockquote> | ||
<blockquote> | |||
<nowiki># Last Modified: Thu Oct 22 19:18:38 2020</nowiki> | |||
<nowiki>#include <tunables/global></nowiki> | |||
<nowiki># vim:syntax=apparmor</nowiki> | |||
<nowiki># AppArmor policy for ts3server</nowiki> | |||
<nowiki># TeamSpeak.wiki/nowiki> | |||
<nowiki># 2020</nowiki> | |||
<nowiki># No template variables specified</nowiki> | |||
/home/teamspeak/teamspeak3-server_linux-amd64/ts3server flags=(complain) { | /home/teamspeak/teamspeak3-server_linux-amd64/ts3server flags=(complain) { | ||
#include <abstractions/base> | <nowiki> #include <abstractions/base></nowiki> | ||
network inet dgram, | network inet dgram, | ||
| Line 73: | Line 73: | ||
owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.pid w, | owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.pid w, | ||
owner /home/teamspeak/teamspeak3-server_linux-amd64/licensekey.dat w,</blockquote> | owner /home/teamspeak/teamspeak3-server_linux-amd64/licensekey.dat w, | ||
}</blockquote> | |||
Latest revision as of 05:45, 6 January 2021
AppArmor allows you to further shield your TeamSpeak instance from code based attacks. This is a SAMPLE profile and WILL need to eb changed so it works on your system. The profile is set to complain mode by default so you will need to enable it with the aa-enforce command to enable it.
# Last Modified: Thu Oct 22 19:18:38 2020
#include <tunables/global>
# vim:syntax=apparmor
# AppArmor policy for ts3server
# TeamSpeak.wiki/nowiki> <nowiki># 2020
# No template variables specified
/home/teamspeak/teamspeak3-server_linux-amd64/ts3server flags=(complain) {
#include <abstractions/base>
network inet dgram,
network inet stream,
network inet6 dgram,
network netlink raw,
/etc/hosts r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/channel_**/ r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/channel_**/* r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/channel_**/* w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/ r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/avatar_** r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/avatar_** w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/icons/ r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/files/virtualserver_**/internal/icons/icon_** r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/.ts3server_license_accepted r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/query_ip_blacklist.txt r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/query_ip_whitelist.txt r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/GeoLite2-Country.mmdb r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/redist/libmariadb.so.2 r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/libts3_ssh.so r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/libts3db_mariadb.so r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/libts3db_sqlite3.so r,
owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.sqlitedb w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.sqlitedb-shm w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.sqlitedb-wal w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/ssh_host_rsa_key w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.ini w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/ts3server.pid w,
owner /home/teamspeak/teamspeak3-server_linux-amd64/licensekey.dat w,
}