guard netfilter rules through auditd or via chattr +iu #521

c3ph3us · 2016-03-27T19:38:55Z

how now afwall guards rules ?

simple flush of rules on any table is not affecting afwall ...
have you consider simple using chattr +iu on rules? through auditd? https://android.googlesource.com/platform/system/core/+/master/logd/README.auditd

c3ph3us · 2016-03-31T02:13:31Z

so im so dumb or this is some magic on my api (23)???

$ iptables -F -t nat
$ dmesg | grep 'audit'
[10379.457290] [0: logd.auditd: 291] type=1325 audit(1459390106.269:827): table=nat family=2 entries=11
[10379.458613] [0: logd.auditd: 291] type=1300 audit(1459390106.269:827): arch=40000028 syscall=294 per=800008 success=yes exit=0 a0=5 a1=0 a2=40 a3=b6ba8000 items=0 ppid=4644 pid=4733 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts4 ses=4294967295 comm="iptables" exe="/system/bin/iptables" subj=u:r:init:s0 key=(null)
[10379.459069] [0: logd.auditd: 291] type=1320 audit(1459390106.269:827):

and maybe this will help somehow
https://github.com/ashishb/android-security-awesome

ukanth · 2016-03-31T04:30:18Z

I will have a look of this later.

ukanth added the Feature label Mar 31, 2016

c3ph3us changed the title ~~some security matters~~ guard netfilter rules through auditd or via chattr +iu Apr 8, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

guard netfilter rules through auditd or via chattr +iu #521

guard netfilter rules through auditd or via chattr +iu #521

c3ph3us commented Mar 27, 2016

c3ph3us commented Mar 31, 2016

ukanth commented Mar 31, 2016

guard netfilter rules through auditd or via chattr +iu #521

guard netfilter rules through auditd or via chattr +iu #521

Comments

c3ph3us commented Mar 27, 2016

c3ph3us commented Mar 31, 2016

ukanth commented Mar 31, 2016