Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: AppArmor Java Google Chrome FireFox profile question

  1. #11
    Join Date
    Mar 2011
    Beans
    701

    Re: AppArmor Java Google Chrome FireFox profile question

    You need to run aa-logprof as sudo (so 'sudo aa-logprof) or you won't be able to commit the changes.

    home/*/.java/deployment/cache/** rm,

    You can put that rule in there.

    Are you on 32bit Ubuntu? That would explain the issues. My rules are for 64bit so I gave access to 64bit libraries. You're on 32bit so you need to give access to 32bit libraries.
    sig

  2. #12
    Join Date
    Aug 2012
    Beans
    47

    Re: AppArmor Java Google Chrome FireFox profile question

    Quote Originally Posted by Hungry Man View Post
    You need to run aa-logprof as sudo (so 'sudo aa-logprof) or you won't be able to commit the changes.

    home/*/.java/deployment/cache/** rm,

    You can put that rule in there.

    Are you on 32bit Ubuntu? That would explain the issues. My rules are for 64bit so I gave access to 64bit libraries. You're on 32bit so you need to give access to 32bit libraries.






    Yep, that explain the hole thing,I am using 32 bit. Hungry, your profile thats only for Java 7 oracle is also only for 64 bit or it would work also for 32 bit?

    I am able to put your Java 7 oracle profile in enforce mode. But I cant login to the poker room, it blocks java plugin I think. So I try to put it in complain mode and then use sudo aa-logprof.

    And this is my output:

    Reading log entries from /var/log/syslog.
    Updating AppArmor profiles in /etc/apparmor.d.

    But does not give me the options for allow or denied rules, I mean, nothing happends.

    I am trying to use, Chronomatic KodiacZiller firefox profile, and your hungry Java 7 oracle profile.

    I also tried to include line:

    home/*/.java/deployment/cache/** rm,


    in your Java 7 Oracle profile, but it wont do the trick, I still cant login to the poker room, it blocks java.

  3. #13
    Join Date
    Mar 2011
    Beans
    701

    Re: AppArmor Java Google Chrome FireFox profile question

    64bit or 32bit Java should not make much difference they store their libraries in the same area and I gave full read/mmap access to that directory.

    Chrome uses shared libraries. On 32bit it'll use the 32bit libs on 64bit it uses 64bit libs. That's the issue.

    Not sure why the Java profile isn't working.
    sig

  4. #14
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: AppArmor Java Google Chrome FireFox profile question

    Quote Originally Posted by WhiteHatGuy View Post
    I am trying to use, Chronomatic KodiacZiller firefox profile, and your hungry Java 7 oracle profile.
    You should probably use either Hungry's profiles or mine. You shouldn't mix them.

    The main difference in our profiles is Hungry defines each shared library separately. I tried doing this at first as well, but found out that Chrome needs access to so many .so's that it is much easier (and probably just as secure) to use the base abstraction to cover it. In your case, it would have been best to use the base abstraction since HM wrote his profile for 64 bit. I suggest you start over from scratch (build your own) or use my profile which uses the abstraction to cover those libs.
    Occam's Razor for computers: Viruses must never be postulated without necessity -- nevius

    My Blog

  5. #15
    Join Date
    Dec 2011
    Location
    Manchester, UK
    Beans
    356
    Distro
    Ubuntu

    Re: AppArmor Java Google Chrome FireFox profile question

    Do you mind if I just but in a little, and say that while configuring apparmor is all nice and great, I'm not convinced it is a suitable measure for the OP.

    OP claimed that they should try and use apparmor to protect themselves from cheating crooks.

    Hon, apparmor is designed to protect programs such as browsers and printing utilities from zero day exploitations using sandboxing. That has nothing to do with a crook hacking the server.

    I suggest you don't play the game if you're in doubt of their security.

    But carry on debugging apparmor I never got my Chrome profile working. Maybe you'll have more luck.
    Read my technology blog at: http://penguincampaigner.wordpress.com

  6. #16
    Join Date
    Aug 2012
    Beans
    47

    Re: AppArmor Java Google Chrome FireFox profile question

    Quote Originally Posted by rookcifer View Post
    You should probably use either Hungry's profiles or mine. You shouldn't mix them.

    The main difference in our profiles is Hungry defines each shared library separately. I tried doing this at first as well, but found out that Chrome needs access to so many .so's that it is much easier (and probably just as secure) to use the base abstraction to cover it. In your case, it would have been best to use the base abstraction since HM wrote his profile for 64 bit. I suggest you start over from scratch (build your own) or use my profile which uses the abstraction to cover those libs.




    Hi, thanks for the links and tutorials, very very helpfull

    The reason I mixed profiles is because in your site sais for firefox profile:

    This profile will only work for OpenJDK (and IcedTea) and *not* Oracle's Java. OpenJDK comes with Ubuntu, so if you are using the defaults, then you will be fine here.

    This only works with OpenJDK-7. If you use v. 6 for some odd reason, then you will need to replace all the 7's in the profile.

    Thats why I was trying to use Hungry Man profile cause I was using Java Oracle 7, and your profile is not build for it.


    But its ok, I am going to use OpenJDK 7 (and IcedTea), so I can use your profiles.

    But I have one question, wich version has to be the IcedTea?

    Thing is that with Lubuntu, I install OpenJDK 7, so far so good, but when I install IcedTea from repositories. Automatically install OpenJDK 6 and IcedTea 6. I think version 7 hasent been release so far. I am not shure.

    Can you tell me please how and what order to install things, so your profiles for firefox works good with no holes or leaks or vulnerabilities?





    I also tried your Google Chrome profile, you say is for 32 bits, thats great, but it happends the same behavior that Hungry Man profile. When I click or shortcut or tried to open google chrome, nothing happens and wont open.



    LOL I been study all the things you guys has been telling me here. I am still learning

  7. #17
    Join Date
    Aug 2012
    Beans
    47

    Re: AppArmor Java Google Chrome FireFox profile question

    Quote Originally Posted by 0011235813 View Post
    Do you mind if I just but in a little, and say that while configuring apparmor is all nice and great, I'm not convinced it is a suitable measure for the OP.

    OP claimed that they should try and use apparmor to protect themselves from cheating crooks.

    Hon, apparmor is designed to protect programs such as browsers and printing utilities from zero day exploitations using sandboxing. That has nothing to do with a crook hacking the server.

    I suggest you don't play the game if you're in doubt of their security.

    But carry on debugging apparmor I never got my Chrome profile working. Maybe you'll have more luck.









    Sorry for grammar, spelling errors. English is not my native language.

    Of course, sandboxing the poker room makes a huge diference, the same thing using a VPN that changes your IP and encrypt your connection. Ive been fighting against Party Poker crooks (Ruth Parasol etc), 10 years of my life now. Their games are Rigged.
    What means this is no matter how good you are at poker, if they decide to play you unfairly. You have not a chance. Is like playing poker with someone who can see your cards.

    Their system works like a lottery, who gives winning hands to the hot IP addresses. If the system checks your IP address and other factors, like if you are depositing money to their poker room, and decide to give you winnings. No matter how bad you play, you will win session after session. But they let you win a little bit or some for some time, so you get hooked up, then they stop give you winnings, so you go and make another deposit of $20, that is the minimum. And so on. On the other hand if system checks your IP, checks if you are not making deposits to the poker room and other factors and decide to fuc* you up, and say, hey this guy is not making any deposits for ten years straight now. Its not bringing any money to our poker room, ok then, lets rigged the deck for him. And they provide you with a rigged game.

    So what happends is that when you sand box the poker room in a low privileges enviroment, for example with comodo CIS, (untrusted level), the random number generator, or the poker room, starts to give you, winning hands. But does not end there. Thats where hacking time beggings. They start to use inject code, global hooks, rootkits, etc etc etc. At they always get away with it, sometimes takes minutes, sometime hours, rarely days or weeks, to crack the thing. Depends on how tight your security is, and like they say on the chat to his hacking criminal thiefs friends, YOU DO THE CRACKING, I take care of the rest. For example EmsisoftAntiMalware, has my poker room clasified as malware, if I scan my computer with windows, and party poker its installed, Emsisoft gives you the warning and make a complete removal of the poker room. The hole thing is completely full of malware. So they can cheat their customers. Who blindly trust them.

    Same applies if you use VPN when you connect to the poker room. No matter how bad you play you are probably are going to win pot after pot, session after session.
    But like I said, hacking time beggings. When you use a vpn, they have no other choice to disconnect you. And the disconnection I think it happends from their side. So they dont need to hack your machine in order to disconnect you.

    Is like if your ISP want you to disconnect your internet connection, there is nothing you can do. You can make your OS a bullet proof against hackers, that if your ISP decide to disconect you, is the end of story.

    I test this for over 10 years now on windows. And now I decide to make the same thing but in linux, and see what happends. Is my little experiment.

    I am pretty shure that some one with high knowledge of linux security stuff, will bring to these crooks, extremely hard times and nightmares.

    But I am no pro on linux security. Just learning

  8. #18
    Join Date
    Dec 2011
    Location
    Manchester, UK
    Beans
    356
    Distro
    Ubuntu

    Re: AppArmor Java Google Chrome FireFox profile question

    Quote Originally Posted by WhiteHatGuy View Post
    Sorry for grammar, spelling errors. English is not my native language.

    Of course, sandboxing the poker room makes a huge diference, the same thing using a VPN that changes your IP and encrypt your connection. Ive been fighting against Party Poker crooks (Ruth Parasol etc), 10 years of my life now. Their games are Rigged.
    What means this is no matter how good you are at poker, if they decide to play you unfairly. You have not a chance. Is like playing poker with someone who can see your cards.

    Their system works like a lottery, who gives winning hands to the hot IP addresses. If the system checks your IP address and other factors, like if you are depositing money to their poker room, and decide to give you winnings. No matter how bad you play, you will win session after session. But they let you win a little bit or some for some time, so you get hooked up, then they stop give you winnings, so you go and make another deposit of $20, that is the minimum. And so on. On the other hand if system checks your IP, checks if you are not making deposits to the poker room and other factors and decide to fuc* you up, and say, hey this guy is not making any deposits for ten years straight now. Its not bringing any money to our poker room, ok then, lets rigged the deck for him. And they provide you with a rigged game.

    So what happends is that when you sand box the poker room in a low privileges enviroment, for example with comodo CIS, (untrusted level), the random number generator, or the poker room, starts to give you, winning hands. But does not end there. Thats where hacking time beggings. They start to use inject code, global hooks, rootkits, etc etc etc. At they always get away with it, sometimes takes minutes, sometime hours, rarely days or weeks, to crack the thing. Depends on how tight your security is, and like they say on the chat to his hacking criminal thiefs friends, YOU DO THE CRACKING, I take care of the rest. For example EmsisoftAntiMalware, has my poker room clasified as malware, if I scan my computer with windows, and party poker its installed, Emsisoft gives you the warning and make a complete removal of the poker room. The hole thing is completely full of malware. So they can cheat their customers. Who blindly trust them.

    Same applies if you use VPN when you connect to the poker room. No matter how bad you play you are probably are going to win pot after pot, session after session.
    But like I said, hacking time beggings. When you use a vpn, they have no other choice to disconnect you. And the disconnection I think it happends from their side. So they dont need to hack your machine in order to disconnect you.

    Is like if your ISP want you to disconnect your internet connection, there is nothing you can do. You can make your OS a bullet proof against hackers, that if your ISP decide to disconect you, is the end of story.

    I test this for over 10 years now on windows. And now I decide to make the same thing but in linux, and see what happends. Is my little experiment.

    I am pretty shure that some one with high knowledge of linux security stuff, will bring to these crooks, extremely hard times and nightmares.

    But I am no pro on linux security. Just learning
    That sounds like a very dodgy company you're describing there. I really wouldn't waste your time with such a shoddy company, there must be better poker companies out there.

    In any case, what platform you are accessing the service on (Be it Linux, Windows, OSX whatever) is irrelevant if the company discriminates based on IP address (this is what you're trying to say I assume?). You're better off with a proxy or VPN service, based on what you've told me (as opposed to apparmor).

    Anyway, I'm not a native English speaker either. I'm curious as to what you're native language happens to be? Hope I don't sound rude saying that.
    Read my technology blog at: http://penguincampaigner.wordpress.com

  9. #19
    Join Date
    Aug 2012
    Beans
    47

    Re: AppArmor Java Google Chrome FireFox profile question

    Quote Originally Posted by 0011235813 View Post
    That sounds like a very dodgy company you're describing there. I really wouldn't waste your time with such a shoddy company, there must be better poker companies out there.

    In any case, what platform you are accessing the service on (Be it Linux, Windows, OSX whatever) is irrelevant if the company discriminates based on IP address (this is what you're trying to say I assume?). You're better off with a proxy or VPN service, based on what you've told me (as opposed to apparmor).

    Anyway, I'm not a native English speaker either. I'm curious as to what you're native language happens to be? Hope I don't sound rude saying that.


    Yep, the VPN totally do the trick, but they can tell when you use it. For example a long time ago, I use two VPNs at same time. And they had hard times, because they where able to disconect me from one, but the other one was still there. And they get really mad, they put on chat ffs, or hh or !!, or its again that bullshi* of tts. That was describing I was using 2 VPNs, thats why the 2 letters ff. They got really mad when I was doing that. But somehow they figure it out how to crack it, at the end, it just take them several weeks. If I was able to not get disconnected from VPN, it would work like a charm, because the system send you wins at a ridiculios amounts of times.

    But like I said I think the disconnection happends from their side, cause when they disconnect me, only the poker room lose internet connection, but if I surf the internet in my browser everything works fine. I think that it does not matter how tight my security system is. They had the power to disconnect me from the poker room, from where they are cheating. I dont think there is to much I can do about it. Again I could be wrong. I am no security expert. But I know the hole site is a scam.


    My native language is spanish

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •