AppArmor

AppArmor是一个Linux安全模块（LSM）实现基于名字的强制访问控制（MAC）。我该如何开始/停止/重新启动AppArmor的Ubuntu Linux操作系统下或openSUSE/SUSE企业级Linux服务器系统，IBM硬件上运行？

AppArmor是一个有效的和易于使用的Linux应用安全系统。 AppArmor的则保护Linux操作系统及应用程序从内部或外部的威胁，甚至零日攻击，执行良好的行为和防止甚至未知的应用程序漏洞被利用。

          

AppArmor security policies completely define what system resources individual applications can access, and with what privileges. You need to use the following init.d scripts to control AppArmor:

[a] Debian/Ubuntu Linux - /etc/init.d/apparmor ( or use sudo service apparmor command).

[b] OpenSUSE / Suse Enterprise Linux - /etc/init.d/boot.apparmor

Task: Stop Apparmor

Type the following command:

## debian/ubuntu sudo /etc/init.d/apparmor stop ## Suse/etc/init.d/boot.apparmor stop 

Task: Start Apparmor

Type the following command:

## debian/ubuntu sudo /etc/init.d/apparmor start ## Suse/etc/init.d/boot.apparmor start 

Task: Restart Apparmor

Type the following command:

## debian/ubuntu sudo /etc/init.d/apparmor restart ## Suse/etc/init.d/boot.apparmor restart 

Task: See the current Apparmor status

Type the following command:

## debian/ubuntu sudo /etc/init.d/apparmor status ## Suse/etc/init.d/boot.apparmor status 

Sample outputs:

apparmor module is loaded.17 profiles are loaded.17 profiles are in enforce mode.   /bin/ping   /sbin/klogd   /sbin/syslog-ng   /sbin/syslogd   /usr/lib/PolicyKit/polkit-explicit-grant-helper   /usr/lib/PolicyKit/polkit-grant-helper   /usr/lib/PolicyKit/polkit-grant-helper-pam   /usr/lib/PolicyKit/polkit-read-auth-helper   /usr/lib/PolicyKit/polkit-resolve-exe-helper   /usr/lib/PolicyKit/polkit-revoke-helper   /usr/lib/PolicyKit/polkitd   /usr/sbin/avahi-daemon   /usr/sbin/identd   /usr/sbin/mdnsd   /usr/sbin/nscd   /usr/sbin/ntpd   /usr/sbin/traceroute0 profiles are in complain mode.3 processes have profiles defined.3 processes are in enforce mode :   /sbin/klogd (812)   /sbin/syslog-ng (809)   /usr/sbin/nscd (6229)0 processes are in complain mode.0 processes are unconfined but have a profile defined.