Linux command
aa-audit 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
Example
sudo aa-audit [profile_name]
Example
sudo aa-audit [profile1] [profile2]
Example
sudo aa-audit -d /path/to/profiles [profile_name]
Example
sudo aa-audit --no-reload [profile_name]
说明
aa-audit configures AppArmor security profiles to operate in audit mode. In this mode, security policy is enforced and all access attempts (both successes and failures) are logged to the system log. This allows administrators to monitor application behavior while still enforcing security policies.
参数
- -d, --dir /path/to/profiles
- Specifies the directory containing AppArmor profiles; defaults to /etc/apparmor.d
- --no-reload
- Prevents automatic profile reloading after modifications
- -r, --remove
- Disable audit mode for the specified profile (reverses the effect of aa-audit).
- -h, --help
- Display help information
FAQ
What is the aa-audit command used for?
aa-audit configures AppArmor security profiles to operate in audit mode. In this mode, security policy is enforced and all access attempts (both successes and failures) are logged to the system log. This allows administrators to monitor application behavior while still enforcing security policies.
How do I run a basic aa-audit example?
Run `sudo aa-audit [profile_name]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -d, --dir /path/to/profiles do in aa-audit?
Specifies the directory containing AppArmor profiles; defaults to /etc/apparmor.d