AppArmor audit logs ... what does this mean?

19,032

First, it means that you should read man -k apparmor, and the man pages.

Second, the apparmor="STATUS" shows that this is a Status report, reporting on a "profile_replace" operation, replacing the current apparmor profile with the profile="unconfined" profile, on behalf of name="/usr/lib/cups/backend/cups-pdf" pid=31430, name="/usr/sbin/cupsd" pid=31430 and name="/usr/sbin/cupsd" pid=31430, using the apparmor_parser (see man apparmor_parser) command.

In English, this is CUPS - Common Unix Printing System telling AppArmor it wants to execute in the old, "unconfined", "AppArmor don't bother me", mode used by programs that have not adapted to life with AppArmor, yet.

For more information about AppArmor, see "What Is AppArmor?" https://askubuntu.com/questions/236381/what-is-apparmor?rq=1

You do not need to be worried, but a certain level of concern is always appropriate.
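To make the field-by-field reading in the answer above concrete, here is a small parser and triage routine for type=1400 AppArmor audit records. This is an added example, not code from the original post or from the AppArmor project: it splits a record into its key="value" fields, treats apparmor="STATUS" records as profile-load bookkeeping (where profile= describes the confinement of the process named in comm=, here apparmor_parser, not of the program in name=), and only surfaces DENIED (enforce mode) or ALLOWED (complain mode) records for a human to look at. The sample lines are constructed: the first three mirror the records in the question, the fourth is a made-up DENIED record of the kind an enforcing profile would produce.

```python
import re
from collections import Counter

# Constructed sample input: three STATUS records as in the question, plus one
# invented DENIED record to show what an actual policy violation looks like.
SAMPLE_LINES = [
    'audit: type=1400 audit(1473854574.089:113): apparmor="STATUS" operation="profile_replace" '
    'profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=31430 comm="apparmor_parser"',
    'audit: type=1400 audit(1473854574.089:114): apparmor="STATUS" operation="profile_replace" '
    'profile="unconfined" name="/usr/sbin/cupsd" pid=31430 comm="apparmor_parser"',
    'audit: type=1400 audit(1473854574.089:115): apparmor="STATUS" operation="profile_replace" '
    'profile="unconfined" name="/usr/sbin/cupsd" pid=31430 comm="apparmor_parser"',
    'audit: type=1400 audit(1473854600.000:116): apparmor="DENIED" operation="open" '
    'profile="/usr/sbin/cupsd" name="/etc/shadow" pid=31444 comm="cupsd" '
    'requested_mask="r" denied_mask="r" fsuid=7 ouid=0',
]

# audit(<seconds.millis>:<serial>) carries the timestamp and the record serial.
AUDIT_RE = re.compile(r'audit\((\d+\.\d+):(\d+)\)')
# key="quoted value" or key=bare_value; values in these records contain no '='.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_apparmor_line(line):
    """Return the fields of one type=1400 audit record as a dict of strings
    (plus numeric 'timestamp' and 'serial' taken from the audit(...) stamp)."""
    fields = {}
    m = AUDIT_RE.search(line)
    if m:
        fields["timestamp"] = float(m.group(1))
        fields["serial"] = int(m.group(2))
    for key, quoted, bare in KV_RE.findall(line):
        fields[key] = quoted if quoted else bare
    return fields


def describe(fields):
    """Classify a record and phrase it the way the answer above reads it.

    STATUS: apparmor_parser (itself unconfined) loaded/replaced a profile; no
            access was checked or denied.
    DENIED: an enforcing profile blocked an access; worth a look.
    ALLOWED: a complain-mode profile logged an access it would have denied.
    """
    kind = fields.get("apparmor")
    if kind == "STATUS":
        return ("status",
                f'{fields.get("comm")} (running as profile {fields.get("profile")}) '
                f'performed {fields.get("operation")} for {fields.get("name")}')
    if kind == "DENIED":
        return ("denied",
                f'profile {fields.get("profile")} blocked {fields.get("operation")} '
                f'of {fields.get("name")} (mask {fields.get("denied_mask")}) '
                f'by pid {fields.get("pid")} ({fields.get("comm")})')
    if kind == "ALLOWED":
        return ("complain",
                f'profile {fields.get("profile")} would have blocked '
                f'{fields.get("operation")} of {fields.get("name")} by pid {fields.get("pid")}')
    return ("other", str(fields))


def triage(lines):
    """Count records by kind; return the counts and the (serial, text) pairs
    that actually indicate a policy hit rather than profile housekeeping."""
    counts = Counter()
    attention = []
    for line in lines:
        fields = parse_apparmor_line(line)
        kind, text = describe(fields)
        counts[kind] += 1
        if kind in ("denied", "complain"):
            attention.append((fields.get("serial"), text))
    return counts, attention


if __name__ == "__main__":
    counts, attention = triage(SAMPLE_LINES)
    print(dict(counts))
    for serial, text in attention:
        print(f"serial {serial}: {text}")
```

Run against the lines from the question alone, triage() reports three "status" records and nothing needing attention, which is the answer's point: a profile_replace by apparmor_parser is the profile being (re)loaded, not CUPS being caught doing something. The records to act on are the DENIED ones, where profile= names the confining profile and name= the object it refused.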

Author: boozedog, updated on September 18, 2022

Comments

  • boozedog
    boozedog over 1 year
     1 Time(s): audit: type=1400 audit(1473854574.089:113): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=31430 comm="apparmor_parser"
    
     1 Time(s): audit: type=1400 audit(1473854574.089:114): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=31430 comm="apparmor_parser"
    
     1 Time(s): audit: type=1400 audit(1473854574.089:115): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=31430 comm="apparmor_parser"
    

    Should I be worried?

    I'm running Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-36-generic x86_64)

    • Mark A
      Mark A over 7 years
      For us, this was a hack attempt. He got unprivileged access to mysql via this account.
  • boozedog
    boozedog over 7 years
    Thanks for your response. Sounds like the version of CUPS that ships with 14.04.5 is not AppArmor friendly. I don't do any printing on this machine so I'll just uninstall it.
  • sarnold
    sarnold over 3 years
    The profile="unconfined" part simply means the apparmor_parser process wasn't itself confined.
  • goo
    goo over 2 years
    Consider how one would distribute a new security tool that will kill a process if it breaks the Rules, but lets/requires developers (for each package) to provide the Rules. The "unconfined" profile lets developers who haven't provided Rules, or gotten their package to "work" with apparmor, get along for now. In the fullness of time, "unconfined" will go away, apparmor will Rule the World. And nothing will work.