Linux command
aa-genprof 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
Example
sudo aa-genprof [/path/to/program]
Example
sudo aa-genprof -d [/path/to/profiles] [/path/to/program]
Example
sudo aa-genprof -f [/path/to/logfile] [/path/to/program]
说明
aa-genprof is a profile generation utility for AppArmor that automates the creation of security profiles by monitoring program behavior. If no profile exists, it creates one using aa-autodep. It then sets the profile to complain mode, writes a mark to the system log, and instructs the user to exercise the application in another window. When the user selects (S)can, aa-genprof parses complain mode logs and iterates through violations using aa-logprof. When (F)inish is selected, all generated profiles are set to enforce mode.
参数
- -d, --dir _/path/to/profiles_
- Specifies where to look for the AppArmor security profile set; defaults to /etc/apparmor.d
- -f, --file _/path/to/logfile_
- Specifies the location of the logfile; default locations are read from /etc/apparmor/logprof.conf
- -h, --help
- Display help information
FAQ
What is the aa-genprof command used for?
aa-genprof is a profile generation utility for AppArmor that automates the creation of security profiles by monitoring program behavior. If no profile exists, it creates one using aa-autodep. It then sets the profile to complain mode, writes a mark to the system log, and instructs the user to exercise the application in another window. When the user selects (S)can, aa-genprof parses complain mode logs and iterates through violations using aa-logprof. When (F)inish is selected, all generated profiles are set to enforce mode.
How do I run a basic aa-genprof example?
Run `sudo aa-genprof [/path/to/program]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -d, --dir _/path/to/profiles_ do in aa-genprof?
Specifies where to look for the AppArmor security profile set; defaults to /etc/apparmor.d