Blog

03/06/2019

Linux: Start / Stop / Restart Apparmor



AppArmor is a Linux Security Module (LSM) implementation of name-based mandatory access controls (MAC). How do I start / stop / restart AppArmor under Ubuntu Linux or OpenSuse / Suse Enterprise Linux server systems running on IBM hardware?

AppArmor is an effective and easy-to-use Linux application security system. AppArmor protects the Linux operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies completely define what system resources individual applications can access, and with what privileges. You need to use the following init.d scripts to control AppArmor:

[a] Debian/Ubuntu Linux/etc/init.d/apparmor ( or use sudo service apparmor command).

[b] OpenSUSE / Suse Enterprise Linux – /etc/init.d/boot.apparmor

Task: Stop Apparmor

Type the following command:

## debian/ubuntu 
sudo /etc/init.d/apparmor stop
 
## Suse
/etc/init.d/boot.apparmor stop

Task: Start Apparmor

Type the following command:

## debian/ubuntu 
sudo /etc/init.d/apparmor start
 
## Suse
/etc/init.d/boot.apparmor start

Task: Restart Apparmor

Type the following command:

## debian/ubuntu 
sudo /etc/init.d/apparmor restart
 
## Suse
/etc/init.d/boot.apparmor restart

Task: See the current Apparmor status

Type the following command:

## debian/ubuntu 
sudo /etc/init.d/apparmor status
 
## Suse
/etc/init.d/boot.apparmor status

Sample outputs:

apparmor module is loaded.
17 profiles are loaded.
17 profiles are in enforce mode.
   /bin/ping
   /sbin/klogd
   /sbin/syslog-ng
   /sbin/syslogd
   /usr/lib/PolicyKit/polkit-explicit-grant-helper
   /usr/lib/PolicyKit/polkit-grant-helper
   /usr/lib/PolicyKit/polkit-grant-helper-pam
   /usr/lib/PolicyKit/polkit-read-auth-helper
   /usr/lib/PolicyKit/polkit-resolve-exe-helper
   /usr/lib/PolicyKit/polkit-revoke-helper
   /usr/lib/PolicyKit/polkitd
   /usr/sbin/avahi-daemon
   /usr/sbin/identd
   /usr/sbin/mdnsd
   /usr/sbin/nscd
   /usr/sbin/ntpd
   /usr/sbin/traceroute
0 profiles are in complain mode.
3 processes have profiles defined.
3 processes are in enforce mode :
   /sbin/klogd (812) 
   /sbin/syslog-ng (809) 
   /usr/sbin/nscd (6229) 
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
References:

Posted by: SXI ADMIN

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

14/08/2019

How to KVM, QEMU start or stop virtual machine from command line (CLI)

KVM or Kernel Based Virtual Machine is a popular virtualization technology. It allows you to run virtual guest machines over a host machine. To start...
14/08/2019

How to Docker backup Saving and restoring your volumes

Running a Docker volume backup First, we spin up a temporary container, and we mount the backup folder and the target Docker volume to this container....
12/08/2019

How to Start and Enable Firewalld on CentOS 7

In this article, we discuss how to start and enable firewalld. It is highly recommended that you have a firewall protecting your server.Pre-Flight CheckThese...