apparmor_status

2024-08-13

Understanding the Output of security-apparmor_status

The command’s output is structured, delivering information about various aspects of AppArmor’s functionality. Let’s break down the typical output:

$ sudo security-apparmor_status
AppArmor status:
  AppArmor is enabled.
  Profile status:
    /usr/sbin/cupsd (enforce): OK
    /usr/lib/firefox/firefox (enforce): OK
    /usr/bin/gnome-terminal (enforce): OK
    ... (more profiles) ...
  Global status: enforcing

This example shows:

Analyzing Profile Status

Let’s examine different profile status indicators:

Handling Different Scenarios with security-apparmor_status

Scenario 1: Checking a Specific Profile

You can’t directly query security-apparmor_status for a specific profile, but you can use grep to filter the output:

sudo security-apparmor_status | grep firefox

This will only show lines containing “firefox” in the output.

Scenario 2: Identifying Disabled Profiles

To find all disabled profiles:

sudo security-apparmor_status | grep DISABLED

This command will list all profiles marked as DISABLED.

Scenario 3: Detecting Profiles in Complain Mode

To find profiles running in complain mode: (Note: The output format might vary slightly depending on your distribution and AppArmor version)

sudo security-apparmor_status | grep complain

This will highlight any application using a profile in complain mode.

Scenario 4: Verifying AppArmor’s Overall Status

A simple check to see if AppArmor is enabled:

sudo security-apparmor_status | grep "AppArmor is enabled"

This command outputs the line confirming AppArmor’s enabled status if it is. Otherwise, it returns nothing.

These examples illustrate how to use security-apparmor_status for various AppArmor management tasks. Regularly checking AppArmor status with this command is a good security practice. Understanding the output allows for proactive identification and resolution of potential security vulnerabilities.