References for the content of this article:
- Summary of Linux security module AppArmor (CSDN blog)
- AppArmor Quick Start (CSDN blog)
- AppArmor first acquaintance (1), domybest_nsg's blog (CSDN)
- AppArmor and SELinux, weixin_45216475's blog (CSDN)
- What is AppArmor? How to keep Ubuntu safe?, culingluan4376's blog (CSDN)
- When using AppArmor, the error "apparmor filesystem is not mounted" (Algorithm Network)
The previous several articles covered building and installing AppArmor from source in detail. That process installs many components and is equivalent to installing them on Ubuntu with sudo apt-get install apparmor apparmor-profiles apparmor-docs apparmor-utils. A few components are still missing, but we will set that aside for now and change direction. Starting from this article, we look at the actual use of AppArmor, that is, hands-on operation.
1. Viewing the status and running state of AppArmor
1. Check the status of AppArmor
To check the status of AppArmor, run the following command in Terminal:
sudo apparmor_status
The actual commands and results are as follows:
$ sudo apparmor_status
apparmor module is loaded.
apparmor filesystem is not mounted.
2. View the running state of AppArmor
Run the following command to view the running status of AppArmor:
$ cat /sys/module/apparmor/parameters/enabled
N
Y: AppArmor is enabled and running;
N: AppArmor is not running.
Here the value is N, so AppArmor is not running.
Taken together, the two results mean that the AppArmor components are present in the system (the kernel module is loaded), but AppArmor is not enabled as the active security module, and securityfs, where AppArmor's interface lives under /sys/kernel/security/apparmor, is not mounted either. The usual cause on a system like the author's is that the kernel command line selects a different major LSM with security=selinux, which leaves the AppArmor module loaded but disabled. How do we fix this?
(1) Edit /etc/default/grub and add apparmor=1 security=apparmor to GRUB_CMDLINE_LINUX_DEFAULT, then run sudo update-grub so the setting is written into /boot/grub/grub.cfg (editing grub.cfg directly is overwritten the next time update-grub runs). The author instead modified /boot/grub/grub.cfg directly, changing the kernel line linux /system/kernel/bzImage chosen=$chosen UUID=$currentUuid security="selinux" to linux /system/kernel/bzImage chosen=$chosen UUID=$currentUuid, that is, removing the security=selinux selection; this only activates AppArmor if it is the kernel's built-in default LSM, so stating security=apparmor explicitly is the safer choice. Save and exit.
(2) Reboot.
After restarting, check the status of AppArmor again. The commands and results are as follows:
$ apparmor_status
apparmor module is loaded.
You do not have enough privilege to read the profile set.
The result after adding sudo:
$ sudo apparmor_status
apparmor module is loaded.
Check the running status of AppArmor again. The commands and results are as follows:
$ cat /sys/module/apparmor/parameters/enabled
Y
It can be seen that this time the previous N has changed to Y, indicating that AppArmor is running.
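The two checks above and the GRUB change can be scripted so they are repeatable and can be rehearsed on a scratch copy before touching the real boot configuration. The script below is an added example, not code from the original article; it assumes a Debian/Ubuntu layout where /etc/default/grub is regenerated into /boot/grub/grub.cfg by update-grub. The file paths are parameters, so aa_fix_grub_default can be run on a constructed copy of /etc/default/grub first, and the function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not part of the original article): scripted versions of the
# AppArmor checks plus an idempotent fix for the GRUB kernel command line.
# Assumes a Debian/Ubuntu layout (/etc/default/grub -> update-grub -> grub.cfg).
# Paths are parameters so every function can be tried on scratch files first.

# Classify the LSM from /sys/module/apparmor/parameters/enabled:
#   running / not-running / absent (module not built or not loaded) / unknown
aa_kernel_state() {
    local flag_file="${1:-/sys/module/apparmor/parameters/enabled}"
    if [ ! -r "$flag_file" ]; then
        echo "absent"
        return 0
    fi
    case "$(cat "$flag_file")" in
        Y) echo "running" ;;
        N) echo "not-running" ;;
        *) echo "unknown" ;;
    esac
}

# Which major LSM the kernel was told to use (security=...), read from the
# boot command line. Prints an empty string when no security= token exists.
aa_cmdline_lsm() {
    local cmdline word
    cmdline="${1:-$(cat /proc/cmdline)}"
    set -f                      # no globbing while splitting on whitespace
    for word in $cmdline; do
        case "$word" in
            security=*) set +f; echo "${word#security=}"; return 0 ;;
        esac
    done
    set +f
    echo ""
}

# Rewrite GRUB_CMDLINE_LINUX_DEFAULT in the given file so that it ends with
# "apparmor=1 security=apparmor". Earlier security=/apparmor= tokens (such as
# the security=selinux that kept AppArmor inactive) are dropped, all other
# options are kept, and running it twice gives the same result.
# Prints the resulting line. Run update-grub afterwards.
aa_fix_grub_default() {
    local grub_file="$1"
    local line current new_opts new_line word tmp
    line=$(grep '^GRUB_CMDLINE_LINUX_DEFAULT=' "$grub_file") || line='GRUB_CMDLINE_LINUX_DEFAULT=""'
    current=${line#GRUB_CMDLINE_LINUX_DEFAULT=}
    current=${current#\"}
    current=${current%\"}
    new_opts=""
    set -f
    for word in $current; do
        case "$word" in
            security=*|apparmor=*) ;;                       # conflicting LSM choice
            *) new_opts="${new_opts:+$new_opts }$word" ;;
        esac
    done
    set +f
    new_opts="${new_opts:+$new_opts }apparmor=1 security=apparmor"
    new_line="GRUB_CMDLINE_LINUX_DEFAULT=\"$new_opts\""
    if grep -q '^GRUB_CMDLINE_LINUX_DEFAULT=' "$grub_file"; then
        tmp=$(mktemp)
        awk -v repl="$new_line" \
            '/^GRUB_CMDLINE_LINUX_DEFAULT=/ { print repl; next } { print }' \
            "$grub_file" > "$tmp" && cat "$tmp" > "$grub_file"   # keeps mode/owner
        rm -f "$tmp"
    else
        printf '%s\n' "$new_line" >> "$grub_file"
    fi
    printf '%s\n' "$new_line"
}

# Read-only summary of the two checks plus the loaded-profile view from
# aa-status (reading the profile set needs root).
aa_report() {
    local state lsm
    state=$(aa_kernel_state)
    lsm=$(aa_cmdline_lsm)
    echo "enabled flag : $state"
    echo "boot LSM     : ${lsm:-(none given, kernel default applies)}"
    if [ "$state" != "running" ]; then
        echo "AppArmor is not active. Fix: aa_fix_grub_default /etc/default/grub && update-grub && reboot"
    fi
    if command -v aa-status >/dev/null 2>&1; then
        aa-status 2>&1 || true   # prints the privilege warning when not root
    fi
}

if [ "${1:-}" = "--report" ]; then
    aa_report
fi
```

Usage: ./aa_check.sh --report for the status summary; to apply the fix, source the file as root and run aa_fix_grub_default /etc/default/grub followed by update-grub and a reboot. Rehearse it first on a copy of /etc/default/grub and diff the result, since a typo in the kernel command line can leave the system unbootable.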
Use aa-status to view the current running state of AppArmor and the applications that have profiles. The command and results are as follows:
$ aa-status
apparmor module is loaded.
You do not have enough privilege to read the profile set.
$ sudo aa-status
apparmor module is loaded.
As the following shows, aa-status and apparmor_status are the same program:
$ which aa-status
/usr/sbin/aa-status
$ which apparmor_status
/usr/sbin/apparmor_status
$ ls -l /usr/sbin/aa-status
-rwxr-xr-x 1 root root 205144 Apr 17 14:25 /usr/sbin/aa-status
$ ls -l /usr/sbin/apparmor_status
lrwxrwxrwx 1 root root 9 Apr 17 14:25 /usr/sbin/apparmor_status -> aa-status
The aa-status output also shows that no application in the current system has a loaded profile: it reports only that the module is loaded, with no profile list or enforce/complain counts.
So how do we write access-control rules so that an application in the system does have a profile? That is the topic of the next article.