AA-ENFORCE(8) AppArmor AA-ENFORCE(8)NAME
aa-enforce - set an AppArmor security profile to enforce mode from being disabled or complain mode.
SYNOPSIS
aa-enforce <executable> [<executable> ...]
DESCRIPTION
aa-enforce is used to set the enforcement mode for one or more profiles to enforce. This command is only relevant in conjunction with the
aa-complain utility which sets a profile to complain mode and the aa-disable utility which unloads and disables a profile. The default mode
for a security policy is enforce and the aa-complain utility must be run to change this behavior.
BUGS
If you find any bugs, please report them at <http://https://bugs.launchpad.net/apparmor/+filebug>.
SEE ALSO apparmor(7), apparmor.d(5), aa-complain(1), aa-disable(1), aa_change_hat(2), and <http://wiki.apparmor.net>.
AppArmor 2.7.103 2012-06-28 AA-ENFORCE(8)
Check Out this Related Man Page
AA-GENPROF(8) AppArmor AA-GENPROF(8)NAME
aa-genprof - profile generation utility for AppArmor
SYNOPSIS
aa-genprof <executable> [-d /path/to/profiles]
OPTIONS -d --dir /path/to/profiles
Specifies where to look for the AppArmor security profile set.
Defaults to /etc/apparmor.d.
DESCRIPTION
When running aa-genprof, you must specify a program to profile. If the specified program is not a fully-qualified path, aa-genprof will
search $PATH in order to find the program.
If a profile does not exist for the program, aa-genprof will create one using aa-autodep(1).
Genprof will then:
- set the profile to complain mode
- write a mark to the system log
- instruct the user to start the application to
be profiled in another window and exercise its functionality
It then presents the user with two options, (S)can system log for entries to add to profile and (F)inish.
If the user selects (S)can or hits return, aa-genprof will parse the complain mode logs and iterate through generated violations using
aa-logprof(1).
After the user finishes selecting profile entries based on violations that were detected during the program execution, aa-genprof will
reload the updated profiles in complain mode and again prompt the user for (S)can and (D)one. This cycle can then be repeated as necessary
until all application functionality has been exercised without generating access violations.
When the user eventually hits (F)inish, aa-genprof will set the main profile, and any other profiles that were generated, into enforce mode
and exit.
BUGS
If you find any bugs, please report them at <http://https://bugs.launchpad.net/apparmor/+filebug>.
SEE ALSO apparmor(7), apparmor.d(5), aa-enforce(1), aa-complain(1), aa-disable(1), aa_change_hat(2), aa-logprof(1), logprof.conf(5), and
<http://wiki.apparmor.net>.
AppArmor 2.7.103 2012-06-28 AA-GENPROF(8)
Why do shell builtins like echo and pwd have binaries in /bin? When I do which pwd, I get the one in /bin. that means that I am not using the builtin version? What determines which one gets used? Is the which command a definitive way to determine what is being run when I enter pwd? (16 Replies)
Introduction
I have seen some misinformation regarding Unix file permissions. I will try to set the record straight. Take a look at this example of some output from ls:
$ ls -ld /usr/bin /usr/bin/cat
drwxrwxr-x 3 root bin 8704 Sep 23 2004 /usr/bin
-r-xr-xr-x 1 bin bin ... (6 Replies)
I see lot of ad-hoc shell scripts in our servers which don't have a shebang at the beginning .
Does this mean that it will run on any shell ?
Is it a good practice to create scripts (even ad-hoc ones) without shebang ? (16 Replies)
For a starter I know the braces are NOT in the code...
Consider these code snippets:-
#!/bin/bash --posix
x=0
somefunction()
if
then
echo "I am here."
fi
# somefunction
#!/bin/bash --posix
x=0
somefunction()
if (2 Replies)
Hi everyone,
I know the following questions are noobish questions but I am asking them because I am confused about the basics of history behind UNIX and LINUX.
Ok onto business, my questions are-:
Was/Is UNIX ever an open source operating system ?
If UNIX was... (21 Replies)
For those interested in installing dash shell on OSX Lion to help test POSIX compliancy of shell scripts, it is quite easy. I did it like this:
If you don't have gcc on your system:
0. Download and install the Command Line Tools for Xcode package from Sign In - Apple *
1. Download the dash... (2 Replies)
Hi all,
I am learning POSIX shell programming, and the book I read, uses the let command for integer arithmetic.
I have downloaded and use the shellcheck program on Linux.
This programs says:
In POSIX sh, 'let' is undefined.
See the screenshot attached.
What is the POSIX... (1 Reply)
I don't know how to start this but here goes.
I've been "using" Linux for over 10 years, possibly more and I still feel like I'm nowhere
where I should be. I'll be fair most of my time was spent either figuring out how
to run games on *nix at the time but as I got older and "wiser" I... (8 Replies)
In a professional environment with traditional application you often want (or are asked) to report the users.
Traditionally there is the who command
who | awk '{print $1}'telnetd or sshd register the users in the utmp file, to be shown with who, w, users, finger, pinky, ...
In addition they... (1 Reply)
Hi all, (mainly Neo)...
I keep noticing that the SQRT code I wrote recently for a POSIX shell keeps appearing, (the green colour sticks out like a sore thumb).
So I decided to take a look on Google.
Guess what?
UNIX.COM comes first in Google's listing just from two words, see image... (2 Replies)