AA-ENFORCE(8) AppArmor AA-ENFORCE(8)NAME
aa-enforce - set an AppArmor security profile to enforce mode from being disabled or complain mode.
SYNOPSIS
aa-enforce <executable> [<executable> ...]
DESCRIPTION
aa-enforce is used to set the enforcement mode for one or more profiles to enforce. This command is only relevant in conjunction with the
aa-complain utility which sets a profile to complain mode and the aa-disable utility which unloads and disables a profile. The default mode
for a security policy is enforce and the aa-complain utility must be run to change this behavior.
BUGS
If you find any bugs, please report them at <http://https://bugs.launchpad.net/apparmor/+filebug>.
SEE ALSO apparmor(7), apparmor.d(5), aa-complain(1), aa-disable(1), aa_change_hat(2), and <http://wiki.apparmor.net>.
AppArmor 2.7.103 2012-06-28 AA-ENFORCE(8)
Check Out this Related Man Page
AA-GENPROF(8) AppArmor AA-GENPROF(8)NAME
aa-genprof - profile generation utility for AppArmor
SYNOPSIS
aa-genprof <executable> [-d /path/to/profiles]
OPTIONS -d --dir /path/to/profiles
Specifies where to look for the AppArmor security profile set.
Defaults to /etc/apparmor.d.
DESCRIPTION
When running aa-genprof, you must specify a program to profile. If the specified program is not a fully-qualified path, aa-genprof will
search $PATH in order to find the program.
If a profile does not exist for the program, aa-genprof will create one using aa-autodep(1).
Genprof will then:
- set the profile to complain mode
- write a mark to the system log
- instruct the user to start the application to
be profiled in another window and exercise its functionality
It then presents the user with two options, (S)can system log for entries to add to profile and (F)inish.
If the user selects (S)can or hits return, aa-genprof will parse the complain mode logs and iterate through generated violations using
aa-logprof(1).
After the user finishes selecting profile entries based on violations that were detected during the program execution, aa-genprof will
reload the updated profiles in complain mode and again prompt the user for (S)can and (D)one. This cycle can then be repeated as necessary
until all application functionality has been exercised without generating access violations.
When the user eventually hits (F)inish, aa-genprof will set the main profile, and any other profiles that were generated, into enforce mode
and exit.
BUGS
If you find any bugs, please report them at <http://https://bugs.launchpad.net/apparmor/+filebug>.
SEE ALSO apparmor(7), apparmor.d(5), aa-enforce(1), aa-complain(1), aa-disable(1), aa_change_hat(2), aa-logprof(1), logprof.conf(5), and
<http://wiki.apparmor.net>.
AppArmor 2.7.103 2012-06-28 AA-GENPROF(8)
I am sure this is a newbie question, but I have searched everywhere and cannot find an answer.
My situation is that due security constraints, I cannot modify my .profile file. I have a set of fairly common things that would normally go in the .profile, like setting up alias assignments and... (2 Replies)
As a system administrator. sometimes we see the users are trying some commands dangerous for the system health and remove them from their individual coomand history file.
How it is possible to enforce that the normal usres will will not be able to modify the history.
Thanks in advance.
Partha (4 Replies)
Hi All,
How to enforce all users to change their password when they try to login.
I am having Solaris 9 and 10.
Even it would be much better if anyone can say to enforce all users to change their password next morning they login.
Thanks in advance,
Deepak (3 Replies)
hello all
i need to disable the su without "-"
with another meaning i need to force executing of the .profile when using su command
any ideas ??? (4 Replies)