ENFORCE(8) AppArmor ENFORCE(8)NAME
aa-enforce - set an AppArmor security profile to enforce mode from complain mode.
SYNOPSIS
aa-enforce <executable> [<executable> ...]
DESCRIPTION
aa-enforce is used to set the enforcement mode for one or more profiles to enforce. This command is only relevant is conjuction with the
utility complain which sets a profile to complain mode. The default mode for a security policy is enforce and the aa-complain utility must
be run to change this behavior.
BUGS
None. Please report any you find to bugzilla at <http://bugzilla.novell.com>.
SEE ALSO apparmor(7), apparmor.d(5), aa-complain(1), change_hat(2), and <http://forge.novell.com/modules/xfmod/project/?apparmor>.
NOVELL /SUSE 2008-06-11 ENFORCE(8)
Check Out this Related Man Page
GENPROF(8) AppArmor GENPROF(8)NAME
aa-genprof - profile generation utility for AppArmor
SYNOPSIS
aa-genprof <executable> [-d /path/to/profiles]
OPTIONS -d --dir /path/to/profiles
Specifies where to look for the AppArmor security profile set.
Defaults to /etc/apparmor.d.
DESCRIPTION
When running aa-genprof, you must specify a program to profile. If the specified program is not a fully-qualified path, aa-genprof will
search $PATH in order to find the program.
If a profile does not exist for the program, aa-genprof will create one using aa-autodep(1).
Genprof will then:
- set the profile to complain mode
- write a mark to the system log
- instruct the user to start the application to
be profiled in another window and exercise its functionality
It then presents the user with two options, (S)can system log for entries to add to profile and (F)inish.
If the user selects (S)can or hits return, aa-genprof will parse the complain mode logs and iterate through generated violations using
logprof(1).
After the user finishes selecting profile entries based on violations that were detected during the program execution, aa-genprof will
reload the updated profiles in complain mode and again prompt the user for (S)can and (D)one. This cycle can then be repeated as neccesary
until all application functionality has been exercised without generating access violations.
When the user eventually hits (F)inish, aa-genprof will set the main profile, and any other profiles that were generated, into enforce mode
and exit.
BUGS
None. Please report any you find to bugzilla at <http://bugzilla.novell.com>.
SEE ALSO apparmor(7), apparmor.d(5), aa-enforce(1), aa-complain(1), change_hat(2), aa-logprof(1), logprof.conf(5), and
<http://forge.novell.com/modules/xfmod/project/?apparmor>.
NOVELL /SUSE 2008-06-11 GENPROF(8)
Hi all,
I want to create a new user and grant him ONLY transfer files access to a specific directory where he can only upload and read the files. He should be restricted to this activity only.
Regards (6 Replies)
Hi everyone,
I know the following questions are noobish questions but I am asking them because I am confused about the basics of history behind UNIX and LINUX.
Ok onto business, my questions are-:
Was/Is UNIX ever an open source operating system ?
If UNIX was... (21 Replies)
Hi,
Last 2 weeks I have searched many forums and i haven't found the answer for the question:
How to get all command output to Putty title?
Needed it for other programs to know when some jobs on a server is done and is it done right or wrong. Plink stdout and stdin wasn't working, i used many... (1 Reply)
anyone have any idea how do to this with auth_attr?
I suspect if I grant him
solaris.device.:RO::Device Allocation::help=DevAllocHeader.html
that will work but I'm unsure. Just looking for a second opinion. (10 Replies)
I am looking for a stable, reliable system to replace my current Windows systems in the home. These are simple systems that I purchased from the local Big Box store.
I have heard many good things about Unix and it's various children and it sounds like a good option to me. I have worked... (2 Replies)
We have a lot of scripts using cut as :
cut -c 0-8 --works for cut (GNU coreutils) 5.97, but does not work for cut (GNU coreutils) 8.4.
Gives error -
cut: fields and positions are numbered from 1
Try `cut --help' for more information.
The position needs to start with 1 for later... (6 Replies)
I've got a problem with a proxy configuration. We have an LDAP group that lists all users who are authorised to use the proxy to FTP (usually Filezilla) out to the world, and by implication those not in the group should be denied. My users are delighted that this has been enabled and those that... (9 Replies)
hi folks,
how to using tar with exclude directory and compress it using tar.Z
i only know how to exclude dir only with this command below:
tar -cvf /varios/restore/test.tar -X excludefile.txt /jfma/test1/
how to compress it using 1 command?
Thanx
Please use CODE tags as... (6 Replies)
Hello All,
I had recently learnt a bit of Docker(which provides containerization process).
Here are some of my learning points from it.
Let us start first with very basic question:
What is Docker:
Docker is a platform for sysadmins and developers to DEPLOY, DEVELOP and RUN applications ... (7 Replies)
What is the point of this? Whenever I close my shell it appends to the history file without adding this. I have never seen it overwrite my history file.
# When the shell exits, append to the history file instead of overwriting it
shopt -s histappend (3 Replies)
Hello for all,
I am testing the behavior of a 32 bit application running on Solaris 5.10 (SPARC), and realize it reaches 4GB of memory and then crashes.
It doesn't matter the amount of used memory as application is intended to perform many transactions; rather, what I want to achieve is to... (2 Replies)