AppArmor是一个Linux安全模块(LSM)实现基于名字的强制访问控制(MAC)。我该如何开始/停止/重新启动AppArmor的Ubuntu Linux操作系统下或openSUSE/SUSE企业级Linux服务器系统,IBM硬件上运行?
AppArmor是一个有效的和易于使用的Linux应用安全系统。 AppArmor的则保护Linux操作系统及应用程序从内部或外部的威胁,甚至零日攻击,执行良好的行为和防止甚至未知的应用程序漏洞被利用。
AppArmor security policies completely define what system resources individual applications can access, and with what privileges. You need to use the following init.d scripts to control AppArmor:
[a] Debian/Ubuntu Linux - /etc/init.d/apparmor ( or use sudo service apparmor command).
[b] OpenSUSE / Suse Enterprise Linux - /etc/init.d/boot.apparmor
Type the following command:
## debian/ubuntu sudo /etc/init.d/apparmor stop ## Suse /etc/init.d/boot.apparmor stop
Type the following command:
## debian/ubuntu sudo /etc/init.d/apparmor start ## Suse /etc/init.d/boot.apparmor start
Type the following command:
## debian/ubuntu sudo /etc/init.d/apparmor restart ## Suse /etc/init.d/boot.apparmor restart
Type the following command:
## debian/ubuntu sudo /etc/init.d/apparmor status ## Suse /etc/init.d/boot.apparmor status
Sample outputs:
apparmor module is loaded. 17 profiles are loaded. 17 profiles are in enforce mode. /bin/ping /sbin/klogd /sbin/syslog-ng /sbin/syslogd /usr/lib/PolicyKit/polkit-explicit-grant-helper /usr/lib/PolicyKit/polkit-grant-helper /usr/lib/PolicyKit/polkit-grant-helper-pam /usr/lib/PolicyKit/polkit-read-auth-helper /usr/lib/PolicyKit/polkit-resolve-exe-helper /usr/lib/PolicyKit/polkit-revoke-helper /usr/lib/PolicyKit/polkitd /usr/sbin/avahi-daemon /usr/sbin/identd /usr/sbin/mdnsd /usr/sbin/nscd /usr/sbin/ntpd /usr/sbin/traceroute 0 profiles are in complain mode. 3 processes have profiles defined. 3 processes are in enforce mode : /sbin/klogd (812) /sbin/syslog-ng (809) /usr/sbin/nscd (6229) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined.