Version vom 9. Mai 2022, 09:47 Uhr

Checken ob Apparmor installiert ist

dpkg -l apparmor

Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten
| Status=Nicht/Installiert/Config/U=Entpackt/halb konFiguriert/
         Halb installiert/Trigger erWartet/Trigger anhängig
|/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht)
||/ Name                                      Version                   Architektur               Beschreibung
+++-=========================================-=========================-=========================-=======================================================================================
ii  apparmor                                  2.10.95-0ubuntu2.6        amd64                     user-space parser utility for AppArmor

Läuft Apparmor

systemctl status apparmor

● apparmor.service - LSB: AppArmor initialization
   Loaded: loaded (/etc/init.d/apparmor; bad; vendor preset: enabled)
   Active: active (exited) since Di 2017-10-24 11:55:53 CEST; 2 weeks 3 days ago
     Docs: man:systemd-sysv-generator(8)
  Process: 591 ExecStart=/etc/init.d/apparmor start (code=exited, status=0/SUCCESS)
    Tasks: 0
   Memory: 0B
      CPU: 0

Hilfsprogramme

apt-get install apparmor-utils

AA Status

aa-status

apparmor module is loaded.
7 profiles are loaded.
7 profiles are in enforce mode.
   /usr/bin/man
   lsb_release
   man_filter
   man_groff
   nvidia_modprobe
   nvidia_modprobe//kmod
   tcpdump
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

Apparmor Modi

Enforce-Modus
- Unterbindet alle Regelverstösse
Complain-Modus
- Protokolliert alle Regelverstösse
Audit-Modus
- Checken potentieller Regelverstösse

Apparmor Utils

apt install apparmor-utils

aa-audit

Setzen einen Anwendung in den Auditmodus

aa-audit /etc/apparmor.d/usr.lib.ipsec.charon

Setting /etc/apparmor.d/usr.lib.ipsec.charon to audit mode.

aa-unconfined

Checken welche Netzwerkdienste nicht überwacht werden

aa-unconfined

1034 /usr/sbin/sshd not confined
17017 /usr/lib/ipsec/charon confined by '/usr/lib/ipsec/charon (enforce)'

disable service from apparmor temporarily

apparmor_parser -R /etc/apparmor.d/usr.sbin.tcpdump

enable to apparmor

apparmor_parser /etc/apparmor.d/usr.sbin.tcpdump

disable service from apparmor permanently

ln -s /etc/apparmor.d/usr.sbin.tcpdump /etc/apparmor.d/disable/
systemctl restart apparmor

undo and enable the service

rm /etc/apparmor.d/disable/usr.sbin.tcpdump
systemctl restart apparmor

@@ Zeile 30: / Zeile 30: @@
 <pre>
 apparmor module is loaded.
 profiles are loaded.
 profiles are in enforce mode.
-   /sbin/dhclient
+    /usr/bin/man
-    /usr/bin/lxc-start
+    lsb_release
-    /usr/bin/ubuntu-core-launcher
+    man_filter
-    /usr/lib/NetworkManager/nm-dhcp-client.action
+    man_groff
-    /usr/lib/NetworkManager/nm-dhcp-helper
+    nvidia_modprobe
-    /usr/lib/connman/scripts/dhclient-script
+    nvidia_modprobe//kmod
-    /usr/lib/ipsec/charon
+    tcpdump
-   /usr/lib/ipsec/stroke
-    /usr/lib/lxd/lxd-bridge-proxy
-   /usr/sbin/tcpdump
-   lxc-container-default
-   lxc-container-default-cgns
-   lxc-container-default-with-mounting
-   lxc-container-default-with-nesting
 profiles are in complain mode.
 processes have profiles defined.
 processes are in enforce mode.
-   /usr/lib/ipsec/charon (17017)
 processes are in complain mode.
 processes are unconfined but have a profile defined.
 </pre>
 =Apparmor Modi=
 *Enforce-Modus

Apparmor Handling: Unterschied zwischen den Versionen

Version vom 9. Mai 2022, 09:47 Uhr

Inhaltsverzeichnis

Checken ob Apparmor installiert ist

Läuft Apparmor

Hilfsprogramme

AA Status

Apparmor Modi

Apparmor Utils

aa-audit

aa-unconfined

disable service from apparmor temporarily

enable to apparmor

disable service from apparmor permanently

undo and enable the service

Links

Navigationsmenü

Suche