/apparmor/severity.db
Unknown | 455 lines | 453 code | 2 blank | 0 comment | 0 complexity | cb68bdacc93aa7d2715c8cb58728e8de MD5 | raw file
1# $Id$ 2# ------------------------------------------------------------------ 3# 4# Copyright (C) 2002-2005 Novell/SUSE 5# 6# This program is free software; you can redistribute it and/or 7# modify it under the terms of version 2 of the GNU General Public 8# License published by the Free Software Foundation. 9# 10# ------------------------------------------------------------------ 11 12# Allow this process to 0wn the machine: 13 CAP_SYS_ADMIN 10 14 CAP_SYS_CHROOT 10 15 CAP_SYS_MODULE 10 16 CAP_SYS_PTRACE 10 17 CAP_SYS_RAWIO 10 18# Allow other processes to 0wn the machine: 19 CAP_SETPCAP 9 20 CAP_CHOWN 9 21 CAP_FSETID 9 22 CAP_MKNOD 9 23 CAP_LINUX_IMMUTABLE 9 24 CAP_DAC_OVERRIDE 9 25 CAP_SETGID 9 26 CAP_SETUID 9 27 CAP_FOWNER 9 28# Denial of service, bypass audit controls, information leak 29 CAP_SYS_TIME 8 30 CAP_NET_ADMIN 8 31 CAP_SYS_RESOURCE 8 32 CAP_KILL 8 33 CAP_IPC_OWNER 8 34 CAP_SYS_PACCT 8 35 CAP_SYS_BOOT 8 36 CAP_NET_BIND_SERVICE 8 37 CAP_NET_RAW 8 38 CAP_SYS_NICE 8 39 CAP_LEASE 8 40 CAP_IPC_LOCK 8 41 CAP_SYS_TTY_CONFIG 8 42 CAP_DAC_READ_SEARCH 7 43 CAP_AUDIT_CONTROL 8 44 CAP_AUDIT_WRITE 8 45# unused 46 CAP_NET_BROADCAST 0 47 48# filename r w x 49# 'hard drives' are generally 4 10 0 50/**/lost+found/** 5 5 0 51/boot/** 7 10 0 52/etc/passwd* 4 8 0 53/etc/group* 4 8 0 54/etc/shadow* 7 9 0 55/etc/shadow* 7 9 0 56/home/*/.ssh/** 7 9 0 57/home/*/.gnupg/** 5 7 0 58/home/** 4 6 0 59/srv/** 4 6 0 60/proc/** 6 9 0 61/proc/sys/kernel/hotplug 2 10 0 62/proc/sys/kernel/modprobe 2 10 0 63/proc/kallsyms 7 0 0 64/sys/** 4 8 0 65/sys/power/state 2 8 0 66/sys/firmware/** 2 10 0 67/dev/pts/* 8 9 0 68/dev/ptmx 8 9 0 69/dev/pty* 8 9 0 70/dev/null 0 0 0 71/dev/adbmouse 3 8 0 72/dev/ataraid 9 10 0 73/dev/zero 0 0 0 74/dev/agpgart* 8 10 0 75/dev/aio 3 3 0 76/dev/cbd/* 5 5 0 77/dev/cciss/* 4 10 0 78/dev/capi* 4 6 0 79/dev/cfs0 4 10 0 80/dev/compaq/* 4 10 0 81/dev/cdouble* 4 8 0 82/dev/cpu** 5 5 0 83/dev/cpu**microcode 1 10 0 84/dev/double* 4 8 0 85/dev/hd* 4 10 0 86/dev/sd* 4 10 0 87/dev/ida/* 4 10 0 88/dev/input/* 4 8 0 89/dev/mapper/control 4 10 0 90/dev/*mem 8 10 0 91/dev/loop* 4 10 0 92/dev/lp* 0 4 0 93/dev/md* 4 10 0 94/dev/msr 4 10 0 95/dev/nb* 4 10 0 96/dev/ram* 8 10 0 97/dev/rd/* 4 10 0 98/dev/*random 3 1 0 99/dev/sbpcd* 4 0 0 100/dev/rtc 6 0 0 101/dev/sd* 4 10 0 102/dev/sc* 4 10 0 103/dev/sg* 4 10 0 104/dev/st* 4 10 0 105/dev/snd/* 3 8 0 106/dev/usb/mouse* 4 6 0 107/dev/usb/hid* 4 6 0 108/dev/usb/tty* 4 6 0 109/dev/tty* 8 9 0 110/dev/stderr 0 0 0 111/dev/stdin 0 0 0 112/dev/stdout 0 0 0 113/dev/ubd* 4 10 0 114/dev/usbmouse* 4 6 0 115/dev/userdma 8 10 0 116/dev/vcs* 8 9 0 117/dev/xta* 4 10 0 118/dev/zero 0 0 0 119/dev/inittcl 8 10 0 120/dev/log 5 7 0 121/etc/fstab 3 8 0 122/etc/mtab 3 5 0 123/etc/SuSEconfig/* 1 8 0 124/etc/X11/* 2 7 0 125/etc/X11/xinit/* 2 8 0 126/etc/SuSE-release 1 5 0 127/etc/issue* 1 3 0 128/etc/motd 1 3 0 129/etc/aliases.d/* 1 7 0 130/etc/cron* 1 9 0 131/etc/cups/* 2 7 0 132/etc/default/* 3 8 0 133/etc/init.d/* 1 10 0 134/etc/permissions.d/* 1 8 0 135/etc/ppp/* 2 6 0 136/etc/ppp/*secrets 8 6 0 137/etc/profile.d/* 1 8 0 138/etc/skel/* 0 7 0 139/etc/sysconfig/* 4 10 0 140/etc/xinetd.d/* 1 9 0 141/etc/termcap/* 1 4 0 142/etc/ld.so.* 1 9 0 143/etc/pam.d/* 3 9 0 144/etc/udev/* 3 9 0 145/etc/insserv.conf 3 6 0 146/etc/security/* 1 9 0 147/etc/securetty 0 7 0 148/etc/sudoers 4 9 0 149/etc/hotplug/* 2 10 0 150/etc/xinitd.conf 1 9 0 151/etc/gpm/* 2 10 0 152/etc/ssl/** 2 7 0 153/etc/shadow* 5 9 0 154/etc/bash.bashrc 1 9 0 155/etc/csh.cshrc 1 9 0 156/etc/csh.login 1 9 0 157/etc/inittab 1 10 0 158/etc/profile* 1 9 0 159/etc/shells 1 5 0 160/etc/alternatives 1 6 0 161/etc/sysctl.conf 3 7 0 162/etc/dev.d/* 1 8 0 163/etc/manpath.config 1 6 0 164/etc/permissions* 1 8 0 165/etc/evms.conf 3 8 0 166/etc/exports 3 8 0 167/etc/samba/* 5 8 0 168/etc/ssh/* 3 8 0 169/etc/ssh/ssh_host_*key 8 8 0 170/etc/krb5.conf 4 8 0 171/etc/ntp.conf 3 8 0 172/etc/auto.* 3 8 0 173/etc/postfix/* 3 7 0 174/etc/postfix/*passwd* 6 7 0 175/etc/postfix/*cert* 6 7 0 176/etc/foomatic/* 3 5 0 177/etc/printcap 3 5 0 178/etc/youservers 4 9 0 179/etc/grub.conf 7 10 0 180/etc/modules.conf 4 10 0 181/etc/resolv.conf 2 7 0 182/etc/apache2/** 3 7 0 183/etc/apache2/**ssl** 7 7 0 184/etc/subdomain.d/** 6 10 0 185/etc/apparmor.d/** 6 10 0 186/etc/apparmor/** 6 10 0 187/var/log/** 3 8 0 188/var/adm/SuSEconfig/** 3 8 0 189/var/adm/** 3 7 0 190/var/lib/rpm/** 4 8 0 191/var/run/nscd/* 3 3 0 192/var/run/.nscd_socket 3 3 0 193/usr/share/doc/** 1 1 0 194/usr/share/man/** 3 5 0 195/usr/X11/man/** 3 5 0 196/usr/share/info/** 2 4 0 197/usr/share/java/** 2 5 0 198/usr/share/locale/** 2 4 0 199/usr/share/sgml/** 2 4 0 200/usr/share/YaST2/** 3 9 0 201/usr/share/ghostscript/** 3 5 0 202/usr/share/terminfo/** 1 8 0 203/usr/share/latex2html/** 2 4 0 204/usr/share/cups/** 5 6 0 205/usr/share/susehelp/** 2 6 0 206/usr/share/susehelp/cgi-bin/** 3 7 7 207/usr/share/zoneinfo/** 2 7 0 208/usr/share/zsh/** 3 6 0 209/usr/share/vim/** 3 8 0 210/usr/share/groff/** 3 7 0 211/usr/share/vnc/** 3 8 0 212/usr/share/wallpapers/** 2 4 0 213/usr/X11** 3 8 5 214/usr/X11*/bin/XFree86 3 8 8 215/usr/X11*/bin/Xorg 3 8 8 216/usr/X11*/bin/sux 3 8 8 217/usr/X11*/bin/xconsole 3 7 7 218/usr/X11*/bin/xhost 3 7 7 219/usr/X11*/bin/xauth 3 7 7 220/usr/X11*/bin/ethereal 3 6 8 221/usr/lib/ooo-** 3 6 5 222/usr/lib/lsb/** 2 8 8 223/usr/lib/pt_chwon 2 8 5 224/usr/lib/tcl** 2 5 3 225/usr/lib/lib*so* 3 8 4 226/usr/lib/iptables/* 2 8 2 227/usr/lib/perl5/** 4 10 6 228/usr/lib/gconv/* 4 7 4 229/usr/lib/locale/** 4 8 0 230/usr/lib/jvm/** 5 7 5 231/usr/lib/sasl*/** 5 8 4 232/usr/lib/jvm-exports/** 5 7 5 233/usr/lib/jvm-private/** 5 7 5 234/usr/lib/python*/** 5 7 5 235/usr/lib/libkrb5* 4 8 4 236/usr/lib/postfix/* 4 7 4 237/usr/lib/rpm/** 4 8 6 238/usr/lib/rpm/gnupg/** 4 9 0 239/usr/lib/apache2** 4 7 4 240/usr/lib/mailman/** 4 6 4 241/usr/bin/ldd 1 7 4 242/usr/bin/netcat 5 7 8 243/usr/bin/clear 2 6 3 244/usr/bin/reset 2 6 3 245/usr/bin/tput 2 6 3 246/usr/bin/tset 2 6 3 247/usr/bin/file 2 6 3 248/usr/bin/ftp 3 7 5 249/usr/bin/busybox 4 8 6 250/usr/bin/rbash 4 8 5 251/usr/bin/screen 3 6 5 252/usr/bin/getfacl 3 7 4 253/usr/bin/setfacl 3 7 9 254/usr/bin/*awk* 3 7 7 255/usr/bin/sudo 2 9 10 256/usr/bin/lsattr 2 6 5 257/usr/bin/chattr 2 7 8 258/usr/bin/sed 3 7 6 259/usr/bin/grep 2 7 2 260/usr/bin/chroot 2 6 10 261/usr/bin/dircolors 2 9 3 262/usr/bin/cut 2 7 2 263/usr/bin/du 2 7 3 264/usr/bin/env 2 7 2 265/usr/bin/head 2 7 2 266/usr/bin/tail 2 7 2 267/usr/bin/install 2 8 4 268/usr/bin/link 2 6 4 269/usr/bin/logname 2 6 2 270/usr/bin/md5sum 2 8 3 271/usr/bin/mkfifo 2 6 10 272/usr/bin/nice 2 7 7 273/usr/bin/nohup 2 7 7 274/usr/bin/printf 2 7 1 275/usr/bin/readlink 2 7 3 276/usr/bin/seq 2 7 1 277/usr/bin/sha1sum 2 8 3 278/usr/bin/shred 2 7 3 279/usr/bin/sort 2 7 3 280/usr/bin/split 2 7 3 281/usr/bin/stat 2 7 4 282/usr/bin/sum 2 8 3 283/usr/bin/tac 2 7 3 284/usr/bin/tail 3 8 4 285/usr/bin/tee 2 7 3 286/usr/bin/test 2 8 4 287/usr/bin/touch 2 7 3 288/usr/bin/tr 2 8 3 289/usr/bin/tsort 2 7 3 290/usr/bin/tty 2 7 3 291/usr/bin/unexpand 2 7 3 292/usr/bin/uniq 2 7 3 293/usr/bin/unlink 2 8 4 294/usr/bin/uptime 2 7 3 295/usr/bin/users 2 8 4 296/usr/bin/vdir 2 8 4 297/usr/bin/wc 2 7 3 298/usr/bin/who 2 8 4 299/usr/bin/whoami 2 8 4 300/usr/bin/yes 1 6 1 301/usr/bin/ed 2 7 5 302/usr/bin/red 2 7 4 303/usr/bin/find 2 8 5 304/usr/bin/xargs 2 7 5 305/usr/bin/ispell 2 7 4 306/usr/bin/a2p 2 7 5 307/usr/bin/perlcc 2 7 5 308/usr/bin/perldoc 2 7 5 309/usr/bin/pod2* 2 7 5 310/usr/bin/prove 2 7 5 311/usr/bin/perl 2 10 7 312/usr/bin/perl* 2 10 7 313/usr/bin/suidperl 2 8 8 314/usr/bin/csh 2 8 8 315/usr/bin/tcsh 2 8 8 316/usr/bin/tree 2 6 5 317/usr/bin/last 2 7 5 318/usr/bin/lastb 2 7 5 319/usr/bin/utmpdump 2 6 5 320/usr/bin/alsamixer 2 6 8 321/usr/bin/amixer 2 6 8 322/usr/bin/amidi 2 6 8 323/usr/bin/aoss 2 6 8 324/usr/bin/aplay 2 6 8 325/usr/bin/aplaymidi 2 6 8 326/usr/bin/arecord 2 6 8 327/usr/bin/arecordmidi 2 6 8 328/usr/bin/aseqnet 2 6 8 329/usr/bin/aserver 2 6 8 330/usr/bin/iecset 2 6 8 331/usr/bin/rview 2 6 5 332/usr/bin/ex 2 7 5 333/usr/bin/enscript 2 6 5 334/usr/bin/genscript 2 6 5 335/usr/bin/xdelta 2 6 5 336/usr/bin/edit 2 6 5 337/usr/bin/vimtutor 2 6 5 338/usr/bin/rvim 2 6 5 339/usr/bin/vim 2 8 7 340/usr/bin/vimdiff 2 8 7 341/usr/bin/aspell 2 6 5 342/usr/bin/xxd 2 6 5 343/usr/bin/spell 2 6 5 344/usr/bin/eqn 2 6 5 345/usr/bin/eqn2graph 2 6 5 346/usr/bin/word-list-compress 2 6 4 347/usr/bin/afmtodit 2 6 4 348/usr/bin/hpf2dit 2 6 4 349/usr/bin/geqn 2 6 4 350/usr/bin/grn 2 6 4 351/usr/bin/grodvi 2 6 4 352/usr/bin/groff 2 6 5 353/usr/bin/groffer 2 6 4 354/usr/bin/grolj4 2 6 4 355/usr/bin/grotty 2 6 4 356/usr/bin/gtbl 2 6 4 357/usr/bin/pic2graph 2 6 4 358/usr/bin/indxbib 2 6 4 359/usr/bin/lkbib 2 6 4 360/usr/bin/lookbib 2 6 4 361/usr/bin/mmroff 2 6 4 362/usr/bin/neqn 2 6 4 363/usr/bin/pfbtops 2 6 4 364/usr/bin/pic 2 6 4 365/usr/bin/tfmtodit 2 6 4 366/usr/bin/tbl 2 6 4 367/usr/bin/post-grohtml 2 6 4 368/usr/bin/pre-grohtml 2 6 4 369/usr/bin/refer 2 6 4 370/usr/bin/soelim 2 6 4 371/usr/bin/disable-paste 2 6 6 372/usr/bin/troff 2 6 4 373/usr/bin/strace-graph 2 6 4 374/usr/bin/gpm-root 2 6 7 375/usr/bin/hltest 2 6 7 376/usr/bin/mev 2 6 6 377/usr/bin/mouse-test 2 6 6 378/usr/bin/strace 2 8 9 379/usr/bin/scsiformat 2 7 10 380/usr/bin/lsscsi 2 7 7 381/usr/bin/scsiinfo 2 7 7 382/usr/bin/sg_* 2 7 7 383/usr/bin/build-classpath 2 6 6 384/usr/bin/build-classpath-directory 2 6 6 385/usr/bin/build-jar-repository 2 6 6 386/usr/bin/diff-jars 2 6 6 387/usr/bin/jvmjar 2 6 6 388/usr/bin/rebuild-jar-repository 2 6 6 389/usr/bin/scriptreplay 2 6 5 390/usr/bin/cal 2 6 3 391/usr/bin/chkdupexe 2 6 5 392/usr/bin/col 2 6 4 393/usr/bin/colcrt 2 6 4 394/usr/bin/colrm 2 6 3 395/usr/bin/column 2 6 4 396/usr/bin/cytune 2 6 6 397/usr/bin/ddate 2 6 3 398/usr/bin/fdformat 2 6 6 399/usr/bin/getopt 2 8 6 400/usr/bin/hexdump 2 6 4 401/usr/bin/hostid 2 6 4 402/usr/bin/ipcrm 2 7 7 403/usr/bin/ipcs 2 7 6 404/usr/bin/isosize 2 6 4 405/usr/bin/line 2 6 4 406/usr/bin/look 2 6 5 407/usr/bin/mcookie 2 7 5 408/usr/bin/mesg 2 6 4 409/usr/bin/namei 2 6 5 410/usr/bin/rename 2 6 5 411/usr/bin/renice 2 6 7 412/usr/bin/rev 2 6 5 413/usr/bin/script 2 6 6 414/usr/bin/ChangeSymlinks 2 8 8 415/usr/bin/setfdprm 2 6 7 416/usr/bin/setsid 2 6 3 417/usr/bin/setterm 2 6 5 418/usr/bin/tailf 2 6 4 419/usr/bin/time 2 6 4 420/usr/bin/ul 2 6 4 421/usr/bin/wall 2 6 5 422/usr/bin/whereis 2 6 4 423/usr/bin/which 2 6 3 424/usr/bin/c_rehash 2 7 6 425/usr/bin/openssl 2 8 6 426/usr/bin/lsdev 2 6 5 427/usr/bin/procinfo 2 6 5 428/usr/bin/socklist 2 6 5 429/usr/bin/filesize 2 6 3 430/usr/bin/linkto 2 6 3 431/usr/bin/mkinfodir 2 6 5 432/usr/bin/old 2 6 4 433/usr/bin/rpmlocate 2 6 5 434/usr/bin/safe-rm 2 8 6 435/usr/bin/safe-rmdir 2 8 6 436/usr/bin/setJava 2 6 1 437/usr/bin/vmstat 2 6 4 438/usr/bin/top 2 6 6 439/usr/bin/pinentry* 2 7 6 440/usr/bin/free 2 8 4 441/usr/bin/pmap 2 6 5 442/usr/bin/slabtop 2 6 4 443/usr/bin/tload 2 6 4 444/usr/bin/watch 2 6 3 445/usr/bin/w 2 6 4 446/usr/bin/pstree.x11 2 6 4 447/usr/bin/pstree 2 6 4 448/usr/bin/snice 2 6 6 449/usr/bin/skill 2 6 7 450/usr/bin/pgrep 2 6 4 451/usr/bin/killall 2 6 7 452/usr/bin/curl 2 7 7 453/usr/bin/slptool 2 7 8 454/usr/bin/ldap* 2 7 7 455/usr/bin/whatis 2 7 5