/apparmor/severity.db


  1. # $Id$
  2. # ------------------------------------------------------------------
  3. #
  4. # Copyright (C) 2002-2005 Novell/SUSE
  5. #
  6. # This program is free software; you can redistribute it and/or
  7. # modify it under the terms of version 2 of the GNU General Public
  8. # License published by the Free Software Foundation.
  9. #
  10. # ------------------------------------------------------------------
  # Capability ratings: one "CAP_NAME severity" pair per line. The ratings in
  # this section run from 0 (unused) up to 10, and the group comments show
  # that a higher number marks a more dangerous grant.
  # NOTE(review): only the capabilities named below are rated. Capabilities
  # added to Linux later (for example CAP_SETFCAP, CAP_MAC_ADMIN, CAP_SYSLOG,
  # CAP_BPF) have no entry, and how a consumer ranks an unlisted capability
  # is not visible from this file.
  11. # Allow this process to 0wn the machine:
  12. CAP_SYS_ADMIN 10
  13. CAP_SYS_CHROOT 10
  14. CAP_SYS_MODULE 10
  15. CAP_SYS_PTRACE 10
  16. CAP_SYS_RAWIO 10
  17. # Allow other processes to 0wn the machine:
  18. CAP_SETPCAP 9
  19. CAP_CHOWN 9
  20. CAP_FSETID 9
  21. CAP_MKNOD 9
  22. CAP_LINUX_IMMUTABLE 9
  23. CAP_DAC_OVERRIDE 9
  24. CAP_SETGID 9
  25. CAP_SETUID 9
  26. CAP_FOWNER 9
  27. # Denial of service, bypass audit controls, information leak
  28. CAP_SYS_TIME 8
  29. CAP_NET_ADMIN 8
  30. CAP_SYS_RESOURCE 8
  31. CAP_KILL 8
  32. CAP_IPC_OWNER 8
  33. CAP_SYS_PACCT 8
  34. CAP_SYS_BOOT 8
  35. CAP_NET_BIND_SERVICE 8
  36. CAP_NET_RAW 8
  37. CAP_SYS_NICE 8
  38. CAP_LEASE 8
  39. CAP_IPC_LOCK 8
  40. CAP_SYS_TTY_CONFIG 8
  # NOTE(review): CAP_DAC_READ_SEARCH is the only capability rated 7 and sits
  # in the middle of the 8s. It bypasses file-read and directory-search
  # permission checks, so confirm the lower rating is deliberate.
  41. CAP_DAC_READ_SEARCH 7
  42. CAP_AUDIT_CONTROL 8
  43. CAP_AUDIT_WRITE 8
  44. # unused
  45. CAP_NET_BROADCAST 0
  46. # filename r w x
  # Path ratings: a glob pattern followed by three numbers, the severity of
  # read, write and execute access in that order. Every rating in this file
  # lies between 0 and 10.
  # NOTE(review): many patterns overlap (for example /proc/** and the two
  # /proc/sys/kernel entries below). Whether the first, last or most specific
  # match applies is decided by the consumer and is not visible from here.
  47. # 'hard drives' are generally 4 10 0
  48. /**/lost+found/** 5 5 0
  49. /boot/** 7 10 0
  50. /etc/passwd* 4 8 0
  51. /etc/group* 4 8 0
  # NOTE(review): /etc/shadow* appears twice here with identical ratings and a
  # third time further down, among the /etc entries, as "5 9 0". Keep one
  # entry and settle on a single read rating for the password hashes.
  52. /etc/shadow* 7 9 0
  53. /etc/shadow* 7 9 0
  # NOTE(review): SSH and GnuPG key material is rated only under /home/*/.
  # No /root/.ssh or /root/.gnupg pattern appears in this listing.
  54. /home/*/.ssh/** 7 9 0
  55. /home/*/.gnupg/** 5 7 0
  56. /home/** 4 6 0
  57. /srv/** 4 6 0
  58. /proc/** 6 9 0
  # hotplug and modprobe name helper programs that the kernel itself runs,
  # which is presumably why write access to them is rated 10.
  59. /proc/sys/kernel/hotplug 2 10 0
  60. /proc/sys/kernel/modprobe 2 10 0
  61. /proc/kallsyms 7 0 0
  62. /sys/** 4 8 0
  63. /sys/power/state 2 8 0
  64. /sys/firmware/** 2 10 0
  # Device nodes. Columns are read, write and execute severity; execute is 0
  # for every entry in this group.
  65. /dev/pts/* 8 9 0
  66. /dev/ptmx 8 9 0
  67. /dev/pty* 8 9 0
  68. /dev/null 0 0 0
  69. /dev/adbmouse 3 8 0
  70. /dev/ataraid 9 10 0
  # NOTE(review): /dev/zero is listed again near the end of this group with
  # the same ratings; one of the two entries is redundant.
  71. /dev/zero 0 0 0
  72. /dev/agpgart* 8 10 0
  73. /dev/aio 3 3 0
  74. /dev/cbd/* 5 5 0
  75. /dev/cciss/* 4 10 0
  76. /dev/capi* 4 6 0
  77. /dev/cfs0 4 10 0
  78. /dev/compaq/* 4 10 0
  79. /dev/cdouble* 4 8 0
  80. /dev/cpu** 5 5 0
  81. /dev/cpu**microcode 1 10 0
  82. /dev/double* 4 8 0
  83. /dev/hd* 4 10 0
  # NOTE(review): /dev/sd* is repeated a few lines below with the same ratings.
  84. /dev/sd* 4 10 0
  85. /dev/ida/* 4 10 0
  86. /dev/input/* 4 8 0
  87. /dev/mapper/control 4 10 0
  # Raw memory devices: the glob covers any node under /dev whose name ends
  # in "mem".
  88. /dev/*mem 8 10 0
  89. /dev/loop* 4 10 0
  90. /dev/lp* 0 4 0
  91. /dev/md* 4 10 0
  92. /dev/msr 4 10 0
  93. /dev/nb* 4 10 0
  94. /dev/ram* 8 10 0
  95. /dev/rd/* 4 10 0
  96. /dev/*random 3 1 0
  97. /dev/sbpcd* 4 0 0
  98. /dev/rtc 6 0 0
  99. /dev/sd* 4 10 0
  100. /dev/sc* 4 10 0
  101. /dev/sg* 4 10 0
  # NOTE(review): /dev/st* also matches /dev/stderr, /dev/stdin and
  # /dev/stdout, which are rated "0 0 0" below. Which entry wins depends on
  # the consumer's matching order, so verify the standard streams are not
  # reported at write severity 10.
  102. /dev/st* 4 10 0
  103. /dev/snd/* 3 8 0
  104. /dev/usb/mouse* 4 6 0
  105. /dev/usb/hid* 4 6 0
  106. /dev/usb/tty* 4 6 0
  107. /dev/tty* 8 9 0
  108. /dev/stderr 0 0 0
  109. /dev/stdin 0 0 0
  110. /dev/stdout 0 0 0
  111. /dev/ubd* 4 10 0
  112. /dev/usbmouse* 4 6 0
  113. /dev/userdma 8 10 0
  114. /dev/vcs* 8 9 0
  115. /dev/xta* 4 10 0
  116. /dev/zero 0 0 0
  # NOTE(review): "inittcl" looks like a misspelling of /dev/initctl; if so,
  # this entry never matches the real init control pipe. Confirm.
  117. /dev/inittcl 8 10 0
  118. /dev/log 5 7 0
  # System configuration under /etc. Columns are read, write and execute
  # severity; execute is 0 throughout this group.
  119. /etc/fstab 3 8 0
  120. /etc/mtab 3 5 0
  121. /etc/SuSEconfig/* 1 8 0
  122. /etc/X11/* 2 7 0
  123. /etc/X11/xinit/* 2 8 0
  124. /etc/SuSE-release 1 5 0
  125. /etc/issue* 1 3 0
  126. /etc/motd 1 3 0
  127. /etc/aliases.d/* 1 7 0
  128. /etc/cron* 1 9 0
  129. /etc/cups/* 2 7 0
  130. /etc/default/* 3 8 0
  131. /etc/init.d/* 1 10 0
  132. /etc/permissions.d/* 1 8 0
  133. /etc/ppp/* 2 6 0
  134. /etc/ppp/*secrets 8 6 0
  135. /etc/profile.d/* 1 8 0
  136. /etc/skel/* 0 7 0
  137. /etc/sysconfig/* 4 10 0
  138. /etc/xinetd.d/* 1 9 0
  139. /etc/termcap/* 1 4 0
  140. /etc/ld.so.* 1 9 0
  141. /etc/pam.d/* 3 9 0
  142. /etc/udev/* 3 9 0
  143. /etc/insserv.conf 3 6 0
  144. /etc/security/* 1 9 0
  145. /etc/securetty 0 7 0
  146. /etc/sudoers 4 9 0
  147. /etc/hotplug/* 2 10 0
  # NOTE(review): "xinitd.conf" is probably meant to be /etc/xinetd.conf
  # (compare /etc/xinetd.d/* above); as written it would not match that
  # file. Confirm.
  148. /etc/xinitd.conf 1 9 0
  149. /etc/gpm/* 2 10 0
  # NOTE(review): read is rated 2 for everything under /etc/ssl, which on many
  # systems includes a private-key directory, while /etc/apache2/**ssl**
  # below rates read at 7. Check whether key files need their own entry.
  150. /etc/ssl/** 2 7 0
  # NOTE(review): this is the third /etc/shadow* entry. The two near the top
  # of the path list say "7 9 0", so the read rating here (5) conflicts with
  # them; which one takes effect depends on the consumer.
  151. /etc/shadow* 5 9 0
  152. /etc/bash.bashrc 1 9 0
  153. /etc/csh.cshrc 1 9 0
  154. /etc/csh.login 1 9 0
  155. /etc/inittab 1 10 0
  156. /etc/profile* 1 9 0
  157. /etc/shells 1 5 0
  158. /etc/alternatives 1 6 0
  159. /etc/sysctl.conf 3 7 0
  160. /etc/dev.d/* 1 8 0
  161. /etc/manpath.config 1 6 0
  162. /etc/permissions* 1 8 0
  163. /etc/evms.conf 3 8 0
  164. /etc/exports 3 8 0
  165. /etc/samba/* 5 8 0
  166. /etc/ssh/* 3 8 0
  # Host key files are rated separately from the rest of /etc/ssh; the glob
  # requires the name to end in "key".
  167. /etc/ssh/ssh_host_*key 8 8 0
  168. /etc/krb5.conf 4 8 0
  169. /etc/ntp.conf 3 8 0
  170. /etc/auto.* 3 8 0
  171. /etc/postfix/* 3 7 0
  172. /etc/postfix/*passwd* 6 7 0
  173. /etc/postfix/*cert* 6 7 0
  174. /etc/foomatic/* 3 5 0
  175. /etc/printcap 3 5 0
  176. /etc/youservers 4 9 0
  177. /etc/grub.conf 7 10 0
  178. /etc/modules.conf 4 10 0
  179. /etc/resolv.conf 2 7 0
  180. /etc/apache2/** 3 7 0
  181. /etc/apache2/**ssl** 7 7 0
  # The policy directories themselves: write access is rated 10.
  182. /etc/subdomain.d/** 6 10 0
  183. /etc/apparmor.d/** 6 10 0
  184. /etc/apparmor/** 6 10 0
  # State under /var and shared data under /usr/share. Columns are read,
  # write and execute severity.
  185. /var/log/** 3 8 0
  # NOTE(review): /var/adm/SuSEconfig/** is also matched by /var/adm/** on the
  # next line, with a different write rating (8 versus 7); the effective
  # value depends on how the consumer resolves overlapping globs.
  186. /var/adm/SuSEconfig/** 3 8 0
  187. /var/adm/** 3 7 0
  188. /var/lib/rpm/** 4 8 0
  189. /var/run/nscd/* 3 3 0
  190. /var/run/.nscd_socket 3 3 0
  191. /usr/share/doc/** 1 1 0
  192. /usr/share/man/** 3 5 0
  193. /usr/X11/man/** 3 5 0
  194. /usr/share/info/** 2 4 0
  195. /usr/share/java/** 2 5 0
  196. /usr/share/locale/** 2 4 0
  197. /usr/share/sgml/** 2 4 0
  198. /usr/share/YaST2/** 3 9 0
  199. /usr/share/ghostscript/** 3 5 0
  200. /usr/share/terminfo/** 1 8 0
  201. /usr/share/latex2html/** 2 4 0
  202. /usr/share/cups/** 5 6 0
  203. /usr/share/susehelp/** 2 6 0
  # First entry in the file with a non-zero execute rating.
  204. /usr/share/susehelp/cgi-bin/** 3 7 7
  205. /usr/share/zoneinfo/** 2 7 0
  206. /usr/share/zsh/** 3 6 0
  207. /usr/share/vim/** 3 8 0
  208. /usr/share/groff/** 3 7 0
  209. /usr/share/vnc/** 3 8 0
  210. /usr/share/wallpapers/** 2 4 0
  # X11 programs and library trees. From here on most entries carry a
  # non-zero third (execute) rating.
  # NOTE(review): /usr/X11** also matches /usr/X11/man/**, which an earlier
  # entry rates "3 5 0"; the effective rating depends on the consumer's
  # matching order.
  211. /usr/X11** 3 8 5
  212. /usr/X11*/bin/XFree86 3 8 8
  213. /usr/X11*/bin/Xorg 3 8 8
  214. /usr/X11*/bin/sux 3 8 8
  215. /usr/X11*/bin/xconsole 3 7 7
  216. /usr/X11*/bin/xhost 3 7 7
  217. /usr/X11*/bin/xauth 3 7 7
  218. /usr/X11*/bin/ethereal 3 6 8
  219. /usr/lib/ooo-** 3 6 5
  220. /usr/lib/lsb/** 2 8 8
  # NOTE(review): "pt_chwon" looks like a transposition of pt_chown; if so,
  # this entry never matches the real helper binary. Confirm.
  221. /usr/lib/pt_chwon 2 8 5
  222. /usr/lib/tcl** 2 5 3
  223. /usr/lib/lib*so* 3 8 4
  224. /usr/lib/iptables/* 2 8 2
  225. /usr/lib/perl5/** 4 10 6
  226. /usr/lib/gconv/* 4 7 4
  227. /usr/lib/locale/** 4 8 0
  228. /usr/lib/jvm/** 5 7 5
  229. /usr/lib/sasl*/** 5 8 4
  230. /usr/lib/jvm-exports/** 5 7 5
  231. /usr/lib/jvm-private/** 5 7 5
  # NOTE(review): write is rated 7 for the Python tree but 10 for
  # /usr/lib/perl5/** above, although both hold interpreter library code;
  # confirm the difference is intended.
  232. /usr/lib/python*/** 5 7 5
  233. /usr/lib/libkrb5* 4 8 4
  234. /usr/lib/postfix/* 4 7 4
  235. /usr/lib/rpm/** 4 8 6
  236. /usr/lib/rpm/gnupg/** 4 9 0
  237. /usr/lib/apache2** 4 7 4
  238. /usr/lib/mailman/** 4 6 4
  # Programs under /usr/bin, first part. Columns are read, write and execute
  # severity for the binary itself.
  239. /usr/bin/ldd 1 7 4
  240. /usr/bin/netcat 5 7 8
  241. /usr/bin/clear 2 6 3
  242. /usr/bin/reset 2 6 3
  243. /usr/bin/tput 2 6 3
  244. /usr/bin/tset 2 6 3
  245. /usr/bin/file 2 6 3
  246. /usr/bin/ftp 3 7 5
  247. /usr/bin/busybox 4 8 6
  248. /usr/bin/rbash 4 8 5
  249. /usr/bin/screen 3 6 5
  250. /usr/bin/getfacl 3 7 4
  251. /usr/bin/setfacl 3 7 9
  252. /usr/bin/*awk* 3 7 7
  253. /usr/bin/sudo 2 9 10
  254. /usr/bin/lsattr 2 6 5
  255. /usr/bin/chattr 2 7 8
  256. /usr/bin/sed 3 7 6
  257. /usr/bin/grep 2 7 2
  258. /usr/bin/chroot 2 6 10
  259. /usr/bin/dircolors 2 9 3
  260. /usr/bin/cut 2 7 2
  261. /usr/bin/du 2 7 3
  # NOTE(review): env launches another program, as nice and nohup do, yet its
  # execute rating is 2 against their 7; confirm this is intended.
  262. /usr/bin/env 2 7 2
  263. /usr/bin/head 2 7 2
  # NOTE(review): /usr/bin/tail is rated "2 7 2" here and "3 8 4" further down
  # in this group; the two entries conflict and one should be removed.
  264. /usr/bin/tail 2 7 2
  265. /usr/bin/install 2 8 4
  266. /usr/bin/link 2 6 4
  267. /usr/bin/logname 2 6 2
  268. /usr/bin/md5sum 2 8 3
  # NOTE(review): execute is rated 10 for mkfifo, the same as sudo and chroot
  # above, while the neighbouring utilities are rated 2 to 4; verify.
  269. /usr/bin/mkfifo 2 6 10
  270. /usr/bin/nice 2 7 7
  271. /usr/bin/nohup 2 7 7
  272. /usr/bin/printf 2 7 1
  273. /usr/bin/readlink 2 7 3
  274. /usr/bin/seq 2 7 1
  275. /usr/bin/sha1sum 2 8 3
  276. /usr/bin/shred 2 7 3
  277. /usr/bin/sort 2 7 3
  278. /usr/bin/split 2 7 3
  279. /usr/bin/stat 2 7 4
  280. /usr/bin/sum 2 8 3
  281. /usr/bin/tac 2 7 3
  282. /usr/bin/tail 3 8 4
  283. /usr/bin/tee 2 7 3
  284. /usr/bin/test 2 8 4
  285. /usr/bin/touch 2 7 3
  286. /usr/bin/tr 2 8 3
  287. /usr/bin/tsort 2 7 3
  288. /usr/bin/tty 2 7 3
  289. /usr/bin/unexpand 2 7 3
  290. /usr/bin/uniq 2 7 3
  291. /usr/bin/unlink 2 8 4
  292. /usr/bin/uptime 2 7 3
  293. /usr/bin/users 2 8 4
  294. /usr/bin/vdir 2 8 4
  295. /usr/bin/wc 2 7 3
  296. /usr/bin/who 2 8 4
  297. /usr/bin/whoami 2 8 4
  298. /usr/bin/yes 1 6 1
  # Programs under /usr/bin, second part: editors, Perl, shells, ALSA, groff
  # and tracing tools. Columns are read, write and execute severity.
  299. /usr/bin/ed 2 7 5
  300. /usr/bin/red 2 7 4
  301. /usr/bin/find 2 8 5
  302. /usr/bin/xargs 2 7 5
  303. /usr/bin/ispell 2 7 4
  304. /usr/bin/a2p 2 7 5
  305. /usr/bin/perlcc 2 7 5
  306. /usr/bin/perldoc 2 7 5
  307. /usr/bin/pod2* 2 7 5
  308. /usr/bin/prove 2 7 5
  309. /usr/bin/perl 2 10 7
  # NOTE(review): /usr/bin/perl* already covers /usr/bin/perl on the line
  # above, and it also matches perlcc and perldoc, which are rated "2 7 5"
  # earlier in this group. The effective rating for those two depends on the
  # consumer's matching order.
  310. /usr/bin/perl* 2 10 7
  311. /usr/bin/suidperl 2 8 8
  312. /usr/bin/csh 2 8 8
  313. /usr/bin/tcsh 2 8 8
  314. /usr/bin/tree 2 6 5
  315. /usr/bin/last 2 7 5
  316. /usr/bin/lastb 2 7 5
  317. /usr/bin/utmpdump 2 6 5
  318. /usr/bin/alsamixer 2 6 8
  319. /usr/bin/amixer 2 6 8
  320. /usr/bin/amidi 2 6 8
  321. /usr/bin/aoss 2 6 8
  322. /usr/bin/aplay 2 6 8
  323. /usr/bin/aplaymidi 2 6 8
  324. /usr/bin/arecord 2 6 8
  325. /usr/bin/arecordmidi 2 6 8
  326. /usr/bin/aseqnet 2 6 8
  327. /usr/bin/aserver 2 6 8
  328. /usr/bin/iecset 2 6 8
  329. /usr/bin/rview 2 6 5
  330. /usr/bin/ex 2 7 5
  331. /usr/bin/enscript 2 6 5
  332. /usr/bin/genscript 2 6 5
  333. /usr/bin/xdelta 2 6 5
  334. /usr/bin/edit 2 6 5
  335. /usr/bin/vimtutor 2 6 5
  336. /usr/bin/rvim 2 6 5
  337. /usr/bin/vim 2 8 7
  338. /usr/bin/vimdiff 2 8 7
  339. /usr/bin/aspell 2 6 5
  340. /usr/bin/xxd 2 6 5
  341. /usr/bin/spell 2 6 5
  342. /usr/bin/eqn 2 6 5
  343. /usr/bin/eqn2graph 2 6 5
  344. /usr/bin/word-list-compress 2 6 4
  345. /usr/bin/afmtodit 2 6 4
  346. /usr/bin/hpf2dit 2 6 4
  347. /usr/bin/geqn 2 6 4
  348. /usr/bin/grn 2 6 4
  349. /usr/bin/grodvi 2 6 4
  350. /usr/bin/groff 2 6 5
  351. /usr/bin/groffer 2 6 4
  352. /usr/bin/grolj4 2 6 4
  353. /usr/bin/grotty 2 6 4
  354. /usr/bin/gtbl 2 6 4
  355. /usr/bin/pic2graph 2 6 4
  356. /usr/bin/indxbib 2 6 4
  357. /usr/bin/lkbib 2 6 4
  358. /usr/bin/lookbib 2 6 4
  359. /usr/bin/mmroff 2 6 4
  360. /usr/bin/neqn 2 6 4
  361. /usr/bin/pfbtops 2 6 4
  362. /usr/bin/pic 2 6 4
  363. /usr/bin/tfmtodit 2 6 4
  364. /usr/bin/tbl 2 6 4
  365. /usr/bin/post-grohtml 2 6 4
  366. /usr/bin/pre-grohtml 2 6 4
  367. /usr/bin/refer 2 6 4
  368. /usr/bin/soelim 2 6 4
  369. /usr/bin/disable-paste 2 6 6
  370. /usr/bin/troff 2 6 4
  371. /usr/bin/strace-graph 2 6 4
  372. /usr/bin/gpm-root 2 6 7
  373. /usr/bin/hltest 2 6 7
  374. /usr/bin/mev 2 6 6
  375. /usr/bin/mouse-test 2 6 6
  # strace carries the highest execute rating in this part of the list (9).
  376. /usr/bin/strace 2 8 9
  # Programs under /usr/bin, final part. Columns are read, write and execute
  # severity.
  # NOTE(review): the listing ends with /usr/bin entries. No /bin, /sbin or
  # /usr/sbin pattern appears in it, so shells and administration tools in
  # those directories have no rating here; how a consumer ranks an unlisted
  # path is not visible from this file.
  377. /usr/bin/scsiformat 2 7 10
  378. /usr/bin/lsscsi 2 7 7
  379. /usr/bin/scsiinfo 2 7 7
  380. /usr/bin/sg_* 2 7 7
  381. /usr/bin/build-classpath 2 6 6
  382. /usr/bin/build-classpath-directory 2 6 6
  383. /usr/bin/build-jar-repository 2 6 6
  384. /usr/bin/diff-jars 2 6 6
  385. /usr/bin/jvmjar 2 6 6
  386. /usr/bin/rebuild-jar-repository 2 6 6
  387. /usr/bin/scriptreplay 2 6 5
  388. /usr/bin/cal 2 6 3
  389. /usr/bin/chkdupexe 2 6 5
  390. /usr/bin/col 2 6 4
  391. /usr/bin/colcrt 2 6 4
  392. /usr/bin/colrm 2 6 3
  393. /usr/bin/column 2 6 4
  394. /usr/bin/cytune 2 6 6
  395. /usr/bin/ddate 2 6 3
  396. /usr/bin/fdformat 2 6 6
  397. /usr/bin/getopt 2 8 6
  398. /usr/bin/hexdump 2 6 4
  399. /usr/bin/hostid 2 6 4
  400. /usr/bin/ipcrm 2 7 7
  401. /usr/bin/ipcs 2 7 6
  402. /usr/bin/isosize 2 6 4
  403. /usr/bin/line 2 6 4
  404. /usr/bin/look 2 6 5
  405. /usr/bin/mcookie 2 7 5
  406. /usr/bin/mesg 2 6 4
  407. /usr/bin/namei 2 6 5
  408. /usr/bin/rename 2 6 5
  409. /usr/bin/renice 2 6 7
  410. /usr/bin/rev 2 6 5
  411. /usr/bin/script 2 6 6
  412. /usr/bin/ChangeSymlinks 2 8 8
  413. /usr/bin/setfdprm 2 6 7
  # NOTE(review): setsid, time and watch each run another command, yet their
  # execute ratings (3, 4 and 3) are well below the 7 given to nice and nohup
  # earlier in the /usr/bin list; confirm the difference is intended.
  414. /usr/bin/setsid 2 6 3
  415. /usr/bin/setterm 2 6 5
  416. /usr/bin/tailf 2 6 4
  417. /usr/bin/time 2 6 4
  418. /usr/bin/ul 2 6 4
  419. /usr/bin/wall 2 6 5
  420. /usr/bin/whereis 2 6 4
  421. /usr/bin/which 2 6 3
  422. /usr/bin/c_rehash 2 7 6
  423. /usr/bin/openssl 2 8 6
  424. /usr/bin/lsdev 2 6 5
  425. /usr/bin/procinfo 2 6 5
  426. /usr/bin/socklist 2 6 5
  427. /usr/bin/filesize 2 6 3
  428. /usr/bin/linkto 2 6 3
  429. /usr/bin/mkinfodir 2 6 5
  430. /usr/bin/old 2 6 4
  431. /usr/bin/rpmlocate 2 6 5
  432. /usr/bin/safe-rm 2 8 6
  433. /usr/bin/safe-rmdir 2 8 6
  434. /usr/bin/setJava 2 6 1
  435. /usr/bin/vmstat 2 6 4
  436. /usr/bin/top 2 6 6
  437. /usr/bin/pinentry* 2 7 6
  438. /usr/bin/free 2 8 4
  439. /usr/bin/pmap 2 6 5
  440. /usr/bin/slabtop 2 6 4
  441. /usr/bin/tload 2 6 4
  442. /usr/bin/watch 2 6 3
  443. /usr/bin/w 2 6 4
  444. /usr/bin/pstree.x11 2 6 4
  445. /usr/bin/pstree 2 6 4
  446. /usr/bin/snice 2 6 6
  447. /usr/bin/skill 2 6 7
  448. /usr/bin/pgrep 2 6 4
  449. /usr/bin/killall 2 6 7
  450. /usr/bin/curl 2 7 7
  451. /usr/bin/slptool 2 7 8
  452. /usr/bin/ldap* 2 7 7
  453. /usr/bin/whatis 2 7 5