
/apparmor/severity.db

http://github.com/brinkman83/bashrc
  1# $Id$
  2# ------------------------------------------------------------------
  3#
  4#    Copyright (C) 2002-2005 Novell/SUSE
  5#
  6#    This program is free software; you can redistribute it and/or
  7#    modify it under the terms of version 2 of the GNU General Public
  8#    License published by the Free Software Foundation.
  9#
 10# ------------------------------------------------------------------
 11
 12# Allow this process to 0wn the machine:
 13       CAP_SYS_ADMIN 10
 14       CAP_SYS_CHROOT 10
 15       CAP_SYS_MODULE 10
 16       CAP_SYS_PTRACE 10
 17       CAP_SYS_RAWIO 10
 18# Allow other processes to 0wn the machine:
 19       CAP_SETPCAP 9
 20       CAP_CHOWN 9 
 21       CAP_FSETID 9
 22       CAP_MKNOD 9
 23       CAP_LINUX_IMMUTABLE 9
 24       CAP_DAC_OVERRIDE 9
 25       CAP_SETGID 9
 26       CAP_SETUID 9
 27       CAP_FOWNER 9
 28# Denial of service, bypass of audit controls, information leak (ranked 8; CAP_DAC_READ_SEARCH is ranked 7)
 29       CAP_SYS_TIME 8
 30       CAP_NET_ADMIN 8
 31       CAP_SYS_RESOURCE 8
 32       CAP_KILL 8
 33       CAP_IPC_OWNER 8
 34       CAP_SYS_PACCT 8
 35       CAP_SYS_BOOT 8
 36       CAP_NET_BIND_SERVICE 8
 37       CAP_NET_RAW 8
 38       CAP_SYS_NICE 8
 39       CAP_LEASE 8
 40       CAP_IPC_LOCK 8
 41       CAP_SYS_TTY_CONFIG 8
 42       CAP_DAC_READ_SEARCH 7
 43       CAP_AUDIT_CONTROL 8
 44       CAP_AUDIT_WRITE 8
 45# unused
 46       CAP_NET_BROADCAST 0
 47
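 48# Columns: filename pattern, then severity ranks (0-10) for read, write and execute access
 49# 'hard drives' (block devices) are generally ranked 4 10 0
   # NOTE(review): some patterns below appear more than once, in places with different ranks (/etc/shadow*, /usr/bin/tail); this file does not say which entry a consumer applies, so confirm against the parser.
   # NOTE(review): /usr/lib/pt_chwon and /etc/xinitd.conf look like misspellings of pt_chown and xinetd.conf; if so, those entries never match the intended files.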
 50/**/lost+found/**	5 5 0
 51/boot/**	7 10 0
 52/etc/passwd*	4 8 0
 53/etc/group*	4 8 0
 54/etc/shadow*	7 9 0
 55/etc/shadow*	7 9 0
 56/home/*/.ssh/**	7 9 0
 57/home/*/.gnupg/**	5 7 0
 58/home/**	4 6 0
 59/srv/**         4 6 0
 60/proc/**	6 9 0
 61/proc/sys/kernel/hotplug	2 10 0
 62/proc/sys/kernel/modprobe	2 10 0
 63/proc/kallsyms	7 0 0
 64/sys/**		4 8 0
 65/sys/power/state	2 8 0
 66/sys/firmware/**	2 10 0
 67/dev/pts/*	8 9 0
 68/dev/ptmx	8 9 0
 69/dev/pty*	8 9 0
 70/dev/null	0 0 0
 71/dev/adbmouse	3 8 0
 72/dev/ataraid	9 10 0
 73/dev/zero	0 0 0
 74/dev/agpgart*	8 10 0
 75/dev/aio	3 3 0
 76/dev/cbd/*	5 5 0
 77/dev/cciss/*	4 10 0
 78/dev/capi*	4 6 0
 79/dev/cfs0	4 10 0
 80/dev/compaq/*   4 10 0
 81/dev/cdouble*   4 8 0
 82/dev/cpu**	5 5 0
 83/dev/cpu**microcode	1 10 0
 84/dev/double*	4 8 0
 85/dev/hd*	4 10 0
 86/dev/sd*	4 10 0
 87/dev/ida/*	4 10 0
 88/dev/input/*	4 8 0
 89/dev/mapper/control	4 10 0
 90/dev/*mem	8 10 0
 91/dev/loop*	4 10 0
 92/dev/lp*	0 4 0
 93/dev/md*	4 10 0
 94/dev/msr	4 10 0
 95/dev/nb*	4 10 0
 96/dev/ram*	8 10 0
 97/dev/rd/*	4 10 0
 98/dev/*random	3 1 0
 99/dev/sbpcd*	4 0 0
100/dev/rtc	6 0 0
101/dev/sd*	4 10 0
102/dev/sc*	4 10 0
103/dev/sg*	4 10 0
104/dev/st*	4 10 0
105/dev/snd/*	3 8 0
106/dev/usb/mouse*	4 6 0
107/dev/usb/hid*	4 6 0
108/dev/usb/tty*	4 6 0
109/dev/tty*	8 9 0
110/dev/stderr	0 0 0
111/dev/stdin	0 0 0
112/dev/stdout	0 0 0
113/dev/ubd*	4 10 0
114/dev/usbmouse*	4 6 0
115/dev/userdma	8 10 0
116/dev/vcs*	8 9 0
117/dev/xta*	4 10 0
118/dev/zero	0 0 0
119/dev/inittcl	8 10 0
120/dev/log	5 7 0
121/etc/fstab	3 8 0
122/etc/mtab	3 5 0
123/etc/SuSEconfig/*	1 8 0
124/etc/X11/*	2 7 0
125/etc/X11/xinit/*	2 8 0
126/etc/SuSE-release	1 5 0
127/etc/issue*	1 3 0
128/etc/motd	1 3 0
129/etc/aliases.d/*	1 7 0
130/etc/cron*	1 9 0
131/etc/cups/*	2 7 0
132/etc/default/*	3 8 0
133/etc/init.d/*	1 10 0
134/etc/permissions.d/*	1 8 0
135/etc/ppp/*	2 6 0
136/etc/ppp/*secrets	8 6 0
137/etc/profile.d/*	1 8 0
138/etc/skel/*	0 7 0
139/etc/sysconfig/*	4 10 0
140/etc/xinetd.d/*	1 9 0
141/etc/termcap/*	1 4 0
142/etc/ld.so.*	1 9 0
143/etc/pam.d/*	3 9 0
144/etc/udev/*	3 9 0
145/etc/insserv.conf	3 6 0
146/etc/security/*	1 9 0
147/etc/securetty	0 7 0
148/etc/sudoers	4 9 0
149/etc/hotplug/*	2 10 0
150/etc/xinitd.conf	1 9 0
151/etc/gpm/*	2 10 0
152/etc/ssl/**	2 7 0
153/etc/shadow*	5 9 0
154/etc/bash.bashrc	1 9 0
155/etc/csh.cshrc		1 9 0
156/etc/csh.login		1 9 0
157/etc/inittab	1 10 0
158/etc/profile*		1 9 0
159/etc/shells	1 5 0
160/etc/alternatives	1 6 0
161/etc/sysctl.conf	3 7 0
162/etc/dev.d/*	1 8 0
163/etc/manpath.config	1 6 0
164/etc/permissions*	1 8 0
165/etc/evms.conf	3 8 0
166/etc/exports	3 8 0
167/etc/samba/*	5 8 0
168/etc/ssh/*	3 8 0
169/etc/ssh/ssh_host_*key 8 8 0
170/etc/krb5.conf	4 8 0
171/etc/ntp.conf	3 8 0
172/etc/auto.*	3 8 0
173/etc/postfix/*	3 7 0
174/etc/postfix/*passwd*	6 7 0
175/etc/postfix/*cert*	6 7 0
176/etc/foomatic/*	3 5 0
177/etc/printcap	3 5 0
178/etc/youservers	4 9 0
179/etc/grub.conf	7 10 0
180/etc/modules.conf	4 10 0
181/etc/resolv.conf	2 7 0
182/etc/apache2/**	3 7 0
183/etc/apache2/**ssl**	7 7 0
184/etc/subdomain.d/**	6 10 0
185/etc/apparmor.d/**	6 10 0
186/etc/apparmor/**	6 10 0
187/var/log/**		3 8 0
188/var/adm/SuSEconfig/**	3 8 0
189/var/adm/**		3 7 0
190/var/lib/rpm/**		4 8 0
191/var/run/nscd/*		3 3 0
192/var/run/.nscd_socket	3 3 0
193/usr/share/doc/**	1 1 0
194/usr/share/man/**	3 5 0
195/usr/X11/man/**		3 5 0
196/usr/share/info/**	2 4 0
197/usr/share/java/**	2 5 0
198/usr/share/locale/**	2 4 0
199/usr/share/sgml/**	2 4 0
200/usr/share/YaST2/**	3 9 0
201/usr/share/ghostscript/**	3 5 0
202/usr/share/terminfo/**	1 8 0
203/usr/share/latex2html/**	2 4 0
204/usr/share/cups/**	5 6 0
205/usr/share/susehelp/**	2 6 0
206/usr/share/susehelp/cgi-bin/**	3 7 7
207/usr/share/zoneinfo/**	2 7 0
208/usr/share/zsh/**	3 6 0
209/usr/share/vim/**	3 8 0
210/usr/share/groff/**	3 7 0
211/usr/share/vnc/**	3 8 0
212/usr/share/wallpapers/**	2 4 0
213/usr/X11**		3 8 5
214/usr/X11*/bin/XFree86	3 8 8
215/usr/X11*/bin/Xorg	3 8 8
216/usr/X11*/bin/sux	3 8 8
217/usr/X11*/bin/xconsole	3 7 7
218/usr/X11*/bin/xhost	3 7 7
219/usr/X11*/bin/xauth	3 7 7
220/usr/X11*/bin/ethereal	3 6 8
221/usr/lib/ooo-**		3 6 5
222/usr/lib/lsb/**		2 8 8
223/usr/lib/pt_chwon	2 8 5
224/usr/lib/tcl**		2 5 3
225/usr/lib/lib*so*	3 8 4
226/usr/lib/iptables/*	2 8 2
227/usr/lib/perl5/**	4 10 6
228/usr/lib/gconv/*	4 7 4
229/usr/lib/locale/**	4 8 0
230/usr/lib/jvm/**		5 7 5
231/usr/lib/sasl*/**	5 8 4
232/usr/lib/jvm-exports/**	5 7 5
233/usr/lib/jvm-private/**	5 7 5
234/usr/lib/python*/**	5 7 5
235/usr/lib/libkrb5*	4 8 4
236/usr/lib/postfix/*	4 7 4
237/usr/lib/rpm/**		4 8 6
238/usr/lib/rpm/gnupg/**	4 9 0
239/usr/lib/apache2**	4 7 4
240/usr/lib/mailman/**	4 6 4
241/usr/bin/ldd		1 7 4
242/usr/bin/netcat		5 7 8
243/usr/bin/clear		2 6 3
244/usr/bin/reset		2 6 3
245/usr/bin/tput		2 6 3
246/usr/bin/tset		2 6 3
247/usr/bin/file		2 6 3
248/usr/bin/ftp		3 7 5
249/usr/bin/busybox	4 8 6
250/usr/bin/rbash		4 8 5
251/usr/bin/screen		3 6 5
252/usr/bin/getfacl	3 7 4
253/usr/bin/setfacl	3 7 9
254/usr/bin/*awk*		3 7 7
255/usr/bin/sudo		2 9 10
256/usr/bin/lsattr		2 6 5
257/usr/bin/chattr		2 7 8
258/usr/bin/sed		3 7 6
259/usr/bin/grep		2 7 2
260/usr/bin/chroot		2 6 10
261/usr/bin/dircolors	2 9 3
262/usr/bin/cut		2 7 2
263/usr/bin/du		2 7 3
264/usr/bin/env		2 7 2
265/usr/bin/head		2 7 2
266/usr/bin/tail		2 7 2
267/usr/bin/install	2 8 4
268/usr/bin/link		2 6 4
269/usr/bin/logname	2 6 2
270/usr/bin/md5sum		2 8 3
271/usr/bin/mkfifo		2 6 10
272/usr/bin/nice		2 7 7
273/usr/bin/nohup		2 7 7
274/usr/bin/printf		2 7 1
275/usr/bin/readlink	2 7 3
276/usr/bin/seq		2 7 1
277/usr/bin/sha1sum	2 8 3
278/usr/bin/shred		2 7 3
279/usr/bin/sort		2 7 3
280/usr/bin/split		2 7 3
281/usr/bin/stat		2 7 4
282/usr/bin/sum		2 8 3
283/usr/bin/tac		2 7 3
284/usr/bin/tail		3 8 4
285/usr/bin/tee		2 7 3
286/usr/bin/test		2 8 4
287/usr/bin/touch		2 7 3
288/usr/bin/tr		2 8 3
289/usr/bin/tsort		2 7 3
290/usr/bin/tty		2 7 3
291/usr/bin/unexpand	2 7 3
292/usr/bin/uniq		2 7 3
293/usr/bin/unlink		2 8 4
294/usr/bin/uptime		2 7 3
295/usr/bin/users		2 8 4
296/usr/bin/vdir		2 8 4
297/usr/bin/wc		2 7 3
298/usr/bin/who		2 8 4
299/usr/bin/whoami		2 8 4
300/usr/bin/yes		1 6 1
301/usr/bin/ed		2 7 5
302/usr/bin/red		2 7 4
303/usr/bin/find		2 8 5
304/usr/bin/xargs		2 7 5
305/usr/bin/ispell		2 7 4
306/usr/bin/a2p		2 7 5
307/usr/bin/perlcc		2 7 5
308/usr/bin/perldoc	2 7 5
309/usr/bin/pod2*		2 7 5
310/usr/bin/prove		2 7 5
311/usr/bin/perl		2 10 7
312/usr/bin/perl*		2 10 7
313/usr/bin/suidperl	2 8 8
314/usr/bin/csh		2 8 8
315/usr/bin/tcsh		2 8 8
316/usr/bin/tree		2 6 5
317/usr/bin/last		2 7 5
318/usr/bin/lastb		2 7 5
319/usr/bin/utmpdump	2 6 5
320/usr/bin/alsamixer	2 6 8
321/usr/bin/amixer		2 6 8
322/usr/bin/amidi		2 6 8
323/usr/bin/aoss		2 6 8
324/usr/bin/aplay		2 6 8
325/usr/bin/aplaymidi	2 6 8
326/usr/bin/arecord	2 6 8
327/usr/bin/arecordmidi	2 6 8
328/usr/bin/aseqnet	2 6 8
329/usr/bin/aserver	2 6 8
330/usr/bin/iecset		2 6 8
331/usr/bin/rview		2 6 5
332/usr/bin/ex		2 7 5
333/usr/bin/enscript	2 6 5
334/usr/bin/genscript	2 6 5
335/usr/bin/xdelta		2 6 5
336/usr/bin/edit		2 6 5
337/usr/bin/vimtutor	2 6 5
338/usr/bin/rvim		2 6 5
339/usr/bin/vim		2 8 7
340/usr/bin/vimdiff	2 8 7
341/usr/bin/aspell		2 6 5
342/usr/bin/xxd		2 6 5
343/usr/bin/spell		2 6 5
344/usr/bin/eqn		2 6 5
345/usr/bin/eqn2graph	2 6 5
346/usr/bin/word-list-compress	2 6 4
347/usr/bin/afmtodit	2 6 4
348/usr/bin/hpf2dit	2 6 4
349/usr/bin/geqn		2 6 4
350/usr/bin/grn		2 6 4
351/usr/bin/grodvi		2 6 4
352/usr/bin/groff		2 6 5
353/usr/bin/groffer	2 6 4
354/usr/bin/grolj4		2 6 4
355/usr/bin/grotty		2 6 4
356/usr/bin/gtbl		2 6 4
357/usr/bin/pic2graph	2 6 4
358/usr/bin/indxbib	2 6 4
359/usr/bin/lkbib		2 6 4
360/usr/bin/lookbib	2 6 4
361/usr/bin/mmroff		2 6 4
362/usr/bin/neqn	  2 6 4
363/usr/bin/pfbtops	2 6 4
364/usr/bin/pic		2 6 4
365/usr/bin/tfmtodit	2 6 4
366/usr/bin/tbl		2 6 4
367/usr/bin/post-grohtml	2 6 4
368/usr/bin/pre-grohtml	2 6 4
369/usr/bin/refer		2 6 4
370/usr/bin/soelim		2 6 4
371/usr/bin/disable-paste	2 6 6
372/usr/bin/troff		2 6 4
373/usr/bin/strace-graph	2 6 4
374/usr/bin/gpm-root	2 6 7
375/usr/bin/hltest		2 6 7
376/usr/bin/mev		2 6 6
377/usr/bin/mouse-test	2 6 6
378/usr/bin/strace		2 8 9
379/usr/bin/scsiformat	2 7 10
380/usr/bin/lsscsi		2 7 7
381/usr/bin/scsiinfo	2 7 7
382/usr/bin/sg_*		2 7 7
383/usr/bin/build-classpath		2 6 6
384/usr/bin/build-classpath-directory	2 6 6
385/usr/bin/build-jar-repository		2 6 6
386/usr/bin/diff-jars			2 6 6
387/usr/bin/jvmjar				2 6 6
388/usr/bin/rebuild-jar-repository		2 6 6
389/usr/bin/scriptreplay	2 6 5
390/usr/bin/cal		2 6 3
391/usr/bin/chkdupexe	2 6 5
392/usr/bin/col		2 6 4
393/usr/bin/colcrt		2 6 4
394/usr/bin/colrm		2 6 3
395/usr/bin/column		2 6 4
396/usr/bin/cytune		2 6 6
397/usr/bin/ddate		2 6 3
398/usr/bin/fdformat	2 6 6
399/usr/bin/getopt		2 8 6
400/usr/bin/hexdump	2 6 4
401/usr/bin/hostid		2 6 4
402/usr/bin/ipcrm		2 7 7
403/usr/bin/ipcs		2 7 6
404/usr/bin/isosize	2 6 4
405/usr/bin/line		2 6 4
406/usr/bin/look		2 6 5
407/usr/bin/mcookie	2 7 5
408/usr/bin/mesg		2 6 4
409/usr/bin/namei		2 6 5
410/usr/bin/rename		2 6 5
411/usr/bin/renice		2 6 7
412/usr/bin/rev		2 6 5
413/usr/bin/script		2 6 6
414/usr/bin/ChangeSymlinks	2 8 8
415/usr/bin/setfdprm	2 6 7
416/usr/bin/setsid		2 6 3
417/usr/bin/setterm	2 6 5
418/usr/bin/tailf		2 6 4
419/usr/bin/time		2 6 4
420/usr/bin/ul		2 6 4
421/usr/bin/wall		2 6 5
422/usr/bin/whereis	2 6 4
423/usr/bin/which		2 6 3
424/usr/bin/c_rehash	2 7 6
425/usr/bin/openssl	2 8 6
426/usr/bin/lsdev		2 6 5
427/usr/bin/procinfo	2 6 5
428/usr/bin/socklist	2 6 5
429/usr/bin/filesize	2 6 3
430/usr/bin/linkto		2 6 3
431/usr/bin/mkinfodir	2 6 5
432/usr/bin/old		2 6 4
433/usr/bin/rpmlocate	2 6 5
434/usr/bin/safe-rm	2 8 6
435/usr/bin/safe-rmdir	2 8 6
436/usr/bin/setJava	2 6 1
437/usr/bin/vmstat		2 6 4
438/usr/bin/top		2 6 6
439/usr/bin/pinentry*	2 7 6
440/usr/bin/free		2 8 4
441/usr/bin/pmap		2 6 5
442/usr/bin/slabtop	2 6 4
443/usr/bin/tload		2 6 4
444/usr/bin/watch		2 6 3
445/usr/bin/w		2 6 4
446/usr/bin/pstree.x11	2 6 4
447/usr/bin/pstree		2 6 4
448/usr/bin/snice		2 6 6
449/usr/bin/skill		2 6 7
450/usr/bin/pgrep		2 6 4
451/usr/bin/killall	2 6 7
452/usr/bin/curl		2 7 7
453/usr/bin/slptool	2 7 8
454/usr/bin/ldap*		2 7 7
455/usr/bin/whatis		2 7 5