ENFORCE(8) AppArmor ENFORCE(8)NAME
aa-enforce - set an AppArmor security profile to enforce mode from complain mode.
SYNOPSIS
aa-enforce <executable> [<executable> ...]
DESCRIPTION
aa-enforce is used to set the enforcement mode for one or more profiles to enforce. This command is only relevant is conjuction with the
utility complain which sets a profile to complain mode. The default mode for a security policy is enforce and the aa-complain utility must
be run to change this behavior.
BUGS
None. Please report any you find to bugzilla at <http://bugzilla.novell.com>.
SEE ALSO apparmor(7), apparmor.d(5), aa-complain(1), change_hat(2), and <http://forge.novell.com/modules/xfmod/project/?apparmor>.
NOVELL /SUSE 2008-06-11 ENFORCE(8)
Check Out this Related Man Page
GENPROF(8) AppArmor GENPROF(8)NAME
aa-genprof - profile generation utility for AppArmor
SYNOPSIS
aa-genprof <executable> [-d /path/to/profiles]
OPTIONS -d --dir /path/to/profiles
Specifies where to look for the AppArmor security profile set.
Defaults to /etc/apparmor.d.
DESCRIPTION
When running aa-genprof, you must specify a program to profile. If the specified program is not a fully-qualified path, aa-genprof will
search $PATH in order to find the program.
If a profile does not exist for the program, aa-genprof will create one using aa-autodep(1).
Genprof will then:
- set the profile to complain mode
- write a mark to the system log
- instruct the user to start the application to
be profiled in another window and exercise its functionality
It then presents the user with two options, (S)can system log for entries to add to profile and (F)inish.
If the user selects (S)can or hits return, aa-genprof will parse the complain mode logs and iterate through generated violations using
logprof(1).
After the user finishes selecting profile entries based on violations that were detected during the program execution, aa-genprof will
reload the updated profiles in complain mode and again prompt the user for (S)can and (D)one. This cycle can then be repeated as neccesary
until all application functionality has been exercised without generating access violations.
When the user eventually hits (F)inish, aa-genprof will set the main profile, and any other profiles that were generated, into enforce mode
and exit.
BUGS
None. Please report any you find to bugzilla at <http://bugzilla.novell.com>.
SEE ALSO apparmor(7), apparmor.d(5), aa-enforce(1), aa-complain(1), change_hat(2), aa-logprof(1), logprof.conf(5), and
<http://forge.novell.com/modules/xfmod/project/?apparmor>.
NOVELL /SUSE 2008-06-11 GENPROF(8)
Using Solaris 9 and 10.
What we want to do is set up global rules for our password files to restrict all users, not only new ones set up with the rules but also the ones that have been sitting on the system for years.
Is there a global way to force all users to change their password every 90... (1 Reply)
As a system administrator. sometimes we see the users are trying some commands dangerous for the system health and remove them from their individual coomand history file.
How it is possible to enforce that the normal usres will will not be able to modify the history.
Thanks in advance.
Partha (4 Replies)
Hi,
I need to implement something that will enforce login to a Solaris server as a particular, specifed user. After this login stage, users will be able to "su -" to whichever user they wish, by which time their activity will be captured by some sort of script (yet to be written). What I need... (7 Replies)
Hi All,
How to enforce all users to change their password when they try to login.
I am having Solaris 9 and 10.
Even it would be much better if anyone can say to enforce all users to change their password next morning they login.
Thanks in advance,
Deepak (3 Replies)
Hi,
I am trying to force a server to only accept ssh connections which are:
a. the ssh key connecting to the server has 2048 bits
b. The ssh key they use has a password set on the private key
I have seen in /etc/ssh/sshd_config there are two such parameters:
1. ServerKeyBits
2.... (4 Replies)
here is my script that expects the user to run it like
./best.sh -f /tmp/log.txt
more best.sh
#!/bin/bash
while getopts ":f:" opt; do
case $opt in
f) file_in="$OPTARG"
;;
\?) echo "Invalid option -$OPTARG" >&2
;;
esac
done uname -a
SunOS mymac 5.11 11.2 sun4v... (15 Replies)
i am reading line by line from a file as below
while IFS= read -r var
do
...
...
...
done < "hello.txt"
I added the keytool command in the do while loop as below.
while IFS= read -r var
do
...
keytool -genkey -alias $fname -keyalg RSA -keystore $fname.jks -keysize 2048
...
done... (3 Replies)
Hi.
I inject my tracklogin.sh script in the profile of each user.
$ more .profile
./tracklogin.sh
# This is the default standard profile provided to a user.
MAIL=/usr/mail/${LOGNAME:?}
bash-3.2$ more tracklogin.sh
#!/bin/bash
tdate=$(date +"%d%m%y")
mkdir -p /tmp/root_log... (20 Replies)