Open small070 opened 1 year ago
Description: AppArmor is a tool that enforces MAC on a name-based (path-based) basis. It restricts an application's permissions through path entries and capability entries.

Install:

apt-get install apparmor
/usr/sbin/aa-status <--- show the current AppArmor status
/sbin/apparmor_parser <--- load a profile into the kernel

apt-get install apparmor-utils
/usr/sbin/aa-enforce
/usr/sbin/aa-update-browser
/usr/sbin/aa-genprof
/usr/sbin/aa-unconfined
/usr/sbin/aa-logprof
/usr/sbin/aa-exec
/usr/sbin/aa-decode
/usr/sbin/aa-disable
/usr/sbin/aa-audit
/usr/sbin/aa-autodep
/usr/sbin/aa-complain
/usr/bin/aa-easyprof

Profile

apt-get install apparmor-profiles # commonly used profiles
/etc/apparmor.d/bin.ping
/etc/apparmor.d/usr.sbin.dnsmasq
...

apt-get install apparmor-profiles-extra # special-purpose profiles
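To make the path entries and capability entries from the description concrete, here is an added example profile. It is not part of the original post and is not the packaged /etc/apparmor.d/bin.ping. The binary /usr/local/bin/myping, the profile name and the log path are assumptions made for illustration.

```apparmor
# Hypothetical file: /etc/apparmor.d/usr.local.bin.myping
# Confines an assumed ping-like tool installed at /usr/local/bin/myping.
#include <tunables/global>

profile myping /usr/local/bin/myping {
  # Shared baseline rules (libc, locale files, /dev/null and similar).
  #include <abstractions/base>
  # Resolver files such as /etc/hosts and /etc/resolv.conf.
  #include <abstractions/nameservice>

  # Capability entries: only the capability needed to open raw sockets.
  # Any capability not listed here is denied while the profile is enforced.
  capability net_raw,

  # Network entries: raw IPv4/IPv6 sockets for ICMP.
  network inet raw,
  network inet6 raw,

  # Path entries: access is granted by file name, so a path that is not
  # listed (for example /etc/shadow) is denied by default.
  /usr/local/bin/myping mr,      # map and read its own binary
  /var/log/myping.log w,         # write a single log file (assumed path)

  # Explicit deny: takes precedence over allow rules and is not logged
  # unless audited.
  deny /home/** rw,
}
```

Load or reload it with `apparmor_parser -r` on the profile file, run it under `aa-complain` first to collect denials in the log, then switch to `aa-enforce` and confirm the mode with `aa-status`.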