twitter

Post information

Posted by: tux-admin
Country: (US)
Total Posts: 404

Search

Internet TV

linux TV

AppArmor

Wed, 02/15/2012 - 09:18
AppArmor (“Application Armor”) is a security module for the Linux kernel, released under the GNU General Public License. AppArmor allows the system administrator to associate with each program a security profile that restricts the capabilities of that program. It supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC).

Install 
$ sudo apt-get install apparmor-profiles

Basic Usage

The apparmor-utils package contains command line utilities that you can use to change the AppArmor execution mode, find the status of a profile, create new profiles, etc.
  • apparmor_statusis used to view the current status of AppArmor profiles.

sudo apparmor_status
  • aa-complain places a profile into complainmode.

sudo aa-complain /path/to/bin
  • aa-enforce places a profile into enforcemode.

sudo aa-enforce /path/to/bin
  • The /etc/apparmor.d directory is where the AppArmor profiles are located. It can be used to manipulate the modeof all profiles.Enter the following to place all profiles into complain mode:

sudo aa-complain /etc/apparmor.d/*

To place all profiles in enforce mode:

sudo aa-enforce /etc/apparmor.d/*
  • apparmor_parser is used to load a profile into the kernel. It can also be used to reload a currently loaded profile using the -roption. To load a profile:

cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a

To reload a profile:

cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r
  • /etc/init.d/apparmor can be used to reloadall profiles:

sudo /etc/init.d/apparmor reload
  • AppArmor can be disabled, and the kernel module unloaded by entering the following:

sudo /etc/init.d/apparmor stop
sudo update-rc.d -f apparmor remove
  • To re-enable AppArmor enter:

$ sudo /etc/init.d/apparmor start
$ sudo update-rc.d apparmor defaults
Size:
 1Mb
Share

Calification:

No votes yet
 
 ubuntu linux
Tags: Administration
 

Member login

Request new password

Not a member yet? Register!

Spaces are allowed; punctuation is not allowed except for periods, hyphens, and underscores.
A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.