In this video, you will learn what is AppArmor, how to use it, and basic AppArmor commands. AppArmor is basically the Debian alternative to RHEL’s SELinux.
systemctl status apparmor # Checks status of the AppArmor service and tells you if it is enabled on boot
https://medium.com/information-and-technology/so-what-is-apparmor-64d7ae211ed
sudo aa-status
3 modes
-enforcing
-complain
-unconfined
aa-genprof program.sh
Scan then
Inherit: Creates a rule that is denoted by “ix†within the profile, causes the executed binary to inherit permissions from the parent profile.
Child: Creates a rule that is denoted by “Cx†within the profile, requires a sub-profile to be created within the parent profile and rules must be separately generated for this child (prompts will appear when running scans on the parent).
Deny: Creates a rule that AppArmor prepends with “deny†at the start of the line within the profile, causes the parents access to the resource be denied.
Abort: Exits the AppArmor program without saving any changes.
Finish: Exits the AppArmor program but WILL save changes.
aa-logprof
Checks for program updates. .
►► Digital Downloads ➜ https://www.cttstore.com
►► Patreon ➜ https://www.patreon.com/christitustech
►► Twitch ➜ https://www.twitch.tv/christitustech
►► Website and Guides ➜ https://christitus.com
