Linux command
aa-unconfined command
Security
This command can have a significant privilege or system impact; verify the target before running it.
Common examples
List unconfined processes
sudo aa-unconfined
Use netstat
sudo aa-unconfined --with-netstat
Show all processes
sudo aa-unconfined --paranoid
Show only server processes
sudo aa-unconfined --show=server
Description
aa-unconfined identifies processes that listen on network sockets but lack AppArmor security profiles. It accomplishes this by checking processes with open TCP or UDP connections against loaded kernel AppArmor policies. This tool is useful for identifying services that may benefit from AppArmor confinement.
Options
- --paranoid: Examines all processes from the /proc filesystem that have active TCP or UDP ports without AppArmor confinement. Equivalent to --show=all.
- --show=_MODE_: Determines the set of processes displayed: all (all processes), network (processes with any sockets), server (processes with listening sockets), client (processes with non-listening sockets).
- --with-ss: Uses the ss(8) utility to identify network socket listeners (default).
- --with-netstat: Uses the netstat(8) command for network socket discovery instead of ss. Used as a fallback when ss is not available.
- -h, --help: Display help information.
FAQ
What is the aa-unconfined command used for?
aa-unconfined identifies processes that listen on network sockets but lack AppArmor security profiles. It accomplishes this by checking processes with open TCP or UDP connections against loaded kernel AppArmor policies. This tool is useful for identifying services that may benefit from AppArmor confinement.
How do I run a basic aa-unconfined example?
Run `sudo aa-unconfined` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does --paranoid do in aa-unconfined?
Examines all processes from the /proc filesystem that have active TCP or UDP ports without AppArmor confinement. Equivalent to --show=all.