AppArmor Zero-Knowledge Learning Thirteen, Practice and Practice (1)

References for the content of this article:

AppArmor · GitBook，

Summary of Linux security module AppArmor - CSDN blog ,

AppArmor Quick Start - CSDN Blog ,

Apparmor first acquaintance (1)_domybest_nsg's blog-CSDN blog ,

AppArmor and SElinux_apparmor selinux_weixin_45216475's blog - CSDN blog ,

apparmor_What is AppArmor? How to keep Ubuntu safe? _culingluan4376's blog - CSDN blog ,

apparmor Homepage, Documentation and Downloads - Application Access Control System - OSCHINA - Chinese Open Source Technology Exchange Community ,

When using Apparmor, the error apparmor filesystem is not mounted | Algorithm Network ,

Learning LSM (Linux security module) III: Apparmor's past and present and basic use_wx5b7658e51ef04's technical blog_51CTO blog

The length of several articles was used to introduce the source code construction and installation of AppArmor in detail. In this process, many components are installed, which is equivalent to installing various components through the sudo apt-get install apparmor apparmor-profiles apparmor-docs apparmor-utils command under Ubuntu. In fact, there are still some components that have not been installed yet, but let’s put it aside for a while and change our minds. Starting from this article, we will introduce the actual use of AppArmor, that is, the actual operation.

1. View the status and operation mode of AppArmor

1. Check the status of AppArmor

To check the status of AppArmor, run the following command in Terminal:

sudo apparmor_status

The actual commands and results are as follows:

$ sudo apparmor_status 
apparmor module is loaded.
apparmor filesystem is not mounted.

2. View APPArmor running status

Run the following command to view the running status of AppArmor:

$ cat /sys/module/apparmor/parameters/enabled
N

Y: means running;

N: Indicates not running.

Here is N, indicating that AppArmor is not running.

Combining the two states, it means that AppArmor-related components are already in the system, but AppArmor is not enabled and working normally. How to solve?

(1) Modify the /etc/default/grub (the author modified /boot/grub/grub.cfg) file, set GRUB_CMDLINE_LINUX_DEFAULT to "apparmor=1 security=apparmor" (the author uses linux /system/kernel/bzImage chosen= Change $chosen UUID=$currentUuid security="selinux" to linux /system/kernel/bzImage chosen=$chosen UUID=$currentUuid), save and exit.

(2) Reboot.

After restarting, check the status of AppArmor again. The commands and results are as follows:

$ apparmor_status 
apparmor module is loaded.
You do not have enough privilege to read the profile set.

The result after adding sudo:

$ sudo apparmor_status 
apparmor module is loaded.

Check the running status of AppArmor again. The commands and results are as follows:

$ cat /sys/module/apparmor/parameters/enabled 
Y

It can be seen that this time the previous N has changed to Y, indicating that AppArmor is running.

useaa-status可以查看当前AppArmor的运行状态和具有配置文件的应用程序。命令及结果如下所示：

$ aa-status 
apparmor module is loaded.
You do not have enough privilege to read the profile set.

$ sudo aa-status 
apparmor module is loaded.

It can be seen that aa-status and apparmor_status are the same thing.

$ which aa-status 
/usr/sbin/aa-status

$ which apparmor_status 
/usr/sbin/apparmor_status

$ ls -l /usr/sbin/aa-status 
-rwxr-xr-x 1 root root 205144  4月17日 14:25 /usr/sbin/aa-status

$ ls -l /usr/sbin/apparmor_status 
lrwxrwxrwx 1 root root 9  4月17日 14:25 /usr/sbin/apparmor_status -> aa-status

It can also be seen from the aa-status command that there is no application program with a configuration file in the current system.

So how to add access control rules even if there is an application with profile in the system? Please see next time.