AI Assist ubuntu newbie asking about firejail

R3j3ct

Level 1
Thread author
May 12, 2023
22
being a newbie in ubuntu 22.04 lts with pro enabled, i got ufw, apparmor, vpn setup with killswitch. is there any need for firejail, please list pros and cons of it
 
  • Like
Reactions: wat0114

R3j3ct

Level 1
Thread author
May 12, 2023
22
ok let's try this

@Bot being a newbie in ubuntu 22.04 lts with pro enabled, i got ufw, apparmor, vpn setup with killswitch. is there any need for firejail, please list pros and cons of it
 

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
619
Hi @R3j3ct

Firejail can be very useful, especially depending upon which profiles you have enforced with Apparmor. Could you please open a Terminal and type:

Code:
sudo apparmor_status

and enter, then post results of which profiles are in "enforce mode".

EDIT:

since our resident Bot hasn't responded to your request, I figured I would :)
 
Last edited:

R3j3ct

Level 1
Thread author
May 12, 2023
22
hi wat0114,
Thanks for your response. have been doing some updating and somethings with apparmor & firejail from tutorial's i been watching on YouTube. Mainly from Null Byte & Chris Titus Tech.


but as of know here is output:

apparmor module is loaded.
78 profiles are loaded.
78 profiles are in enforce mode.
/snap/core/14946/usr/lib/snapd/snap-confine
/snap/core/14946/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/snapd/19122/usr/lib/snapd/snap-confine
/snap/snapd/19122/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/snapd/19361/usr/lib/snapd/snap-confine
/snap/snapd/19361/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/bin/evince
/usr/bin/evince-previewer
/usr/bin/evince-previewer//sanitized_helper
/usr/bin/evince-thumbnailer
/usr/bin/evince//sanitized_helper
/usr/bin/freshclam
/usr/bin/man
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/sbin/clamd
/usr/sbin/cups-browsed
/usr/sbin/cupsd
/usr/sbin/cupsd//third_party
/{,usr/}sbin/dhclient
avahi-daemon
dnsmasq
dnsmasq//libvirt_leaseshelper
firejail-default
identd
klogd
libreoffice-oosplash
libreoffice-senddoc
libreoffice-soffice
libreoffice-soffice//gpg
libreoffice-xpdfimport
lsb_release
man_filter
man_groff
mdnsd
nmbd
nscd
nvidia_modprobe
nvidia_modprobe//kmod
php-fpm
ping
rsyslogd
samba-bgqd
smbd
smbldap-useradd
smbldap-useradd///etc/init.d/nscd
snap-update-ns.canonical-livepatch
snap-update-ns.core
snap-update-ns.firefox
snap-update-ns.snap-store
snap-update-ns.snapd-desktop-integration
snap.canonical-livepatch.canonical-livepatch
snap.canonical-livepatch.canonical-livepatchd
snap.canonical-livepatch.hook.configure
snap.canonical-livepatch.hook.connect-plug-etc-update-motd-d
snap.canonical-livepatch.hook.disconnect-plug-etc-update-motd-d
snap.canonical-livepatch.hook.remove
snap.core.hook.configure
snap.firefox.firefox
snap.firefox.geckodriver
snap.firefox.hook.configure
snap.firefox.hook.connect-plug-host-hunspell
snap.firefox.hook.disconnect-plug-host-hunspell
snap.firefox.hook.post-refresh
snap.snap-store.hook.configure
snap.snap-store.snap-store
snap.snap-store.ubuntu-software
snap.snap-store.ubuntu-software-local-file
snap.snapd-desktop-integration.hook.configure
snap.snapd-desktop-integration.snapd-desktop-integration
syslog-ng
syslogd
tcpdump
traceroute
0 profiles are in complain mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
22 processes have profiles defined.
22 processes are in enforce mode.
/usr/bin/freshclam (1194)
/usr/sbin/clamd (976)
/usr/sbin/cups-browsed (1195)
/usr/sbin/cupsd (1098)
/usr/sbin/avahi-daemon (938) avahi-daemon
/usr/sbin/avahi-daemon (983) avahi-daemon
/usr/sbin/rsyslogd (966) rsyslogd
/snap/canonical-livepatch/229/canonical-livepatchd (1100) snap.canonical-livepatch.canonical-livepatchd
/snap/firefox/2710/usr/lib/firefox/firefox (5716) snap.firefox.firefox
/snap/firefox/2710/usr/lib/firefox/firefox (5884) snap.firefox.firefox
/snap/firefox/2710/usr/lib/firefox/firefox (5908) snap.firefox.firefox
/snap/firefox/2710/usr/lib/firefox/firefox (6029) snap.firefox.firefox
/snap/firefox/2710/usr/lib/firefox/firefox (6139) snap.firefox.firefox
/snap/firefox/2710/usr/lib/firefox/firefox (6239) snap.firefox.firefox
/snap/firefox/2710/usr/lib/firefox/firefox (6324) snap.firefox.firefox
/snap/firefox/2710/usr/lib/firefox/firefox (6351) snap.firefox.firefox
/snap/firefox/2710/usr/lib/firefox/firefox (6380) snap.firefox.firefox
/snap/firefox/2710/usr/lib/firefox/firefox (6382) snap.firefox.firefox
/snap/firefox/2710/usr/lib/firefox/firefox (6796) snap.firefox.firefox
/snap/snap-store/959/usr/bin/snap-store (2243) snap.snap-store.ubuntu-software
/snap/snapd-desktop-integration/83/usr/bin/snapd-desktop-integration (2418) snap.snapd-desktop-integration.snapd-desktop-integration
/snap/snapd-desktop-integration/83/usr/bin/snapd-desktop-integration (2494) snap.snapd-desktop-integration.snapd-desktop-integration
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
0 processes are in kill mode.
 
Last edited:
  • Like
Reactions: wat0114

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
619
That is a lot of applications being enforced by Apparmor (y) Most important for me is the primary browser being enforced, and because you are browsing with Firefox, then you don't need Firejail, since it already is being enforced by Apparmor. Just curious, were those profiles included with the Ubuntu distro you're using?
 
  • Like
Reactions: R3j3ct

R3j3ct

Level 1
Thread author
May 12, 2023
22
No, at first it was only like 56-58 profiles, I got it to where it is now by doing these commands.

Commands used to get:

sudo apt-get install apparmor-profiles apparmor-utils

Then to enforce the profiles i did:

sudo aa-enforce /etc/apparmor.d/*
 
  • Like
Reactions: wat0114

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top