Linux: Start / Stop / Restart Apparmor

AppArmor is a Linux Security Module (LSM) implementation of name-based mandatory access controls (MAC). How do I start / stop / restart AppArmor under Ubuntu Linux or OpenSuse / Suse Enterprise Linux server systems running on IBM hardware?

AppArmor is an effective and easy-to-use Linux application security system. AppArmor protects the Linux operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited.
Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements Suse/Ubuntu/Debian
Est. reading time N/A
AppArmor security policies completely define what system resources individual applications can access, and with what privileges. You need to use the following init.d scripts to control AppArmor: [a] Debian/Ubuntu Linux/etc/init.d/apparmor ( or use sudo service apparmor command). [b] OpenSUSE / Suse Enterprise Linux – /etc/init.d/boot.apparmor

Task: Stop Apparmor

Type the following command:

## debian/ubuntu 
sudo /etc/init.d/apparmor stop
 
## Suse
/etc/init.d/boot.apparmor stop

Task: Start Apparmor

Type the following command:

## debian/ubuntu 
sudo /etc/init.d/apparmor start
 
## Suse
/etc/init.d/boot.apparmor start

Task: Restart Apparmor

Type the following command:

## debian/ubuntu 
sudo /etc/init.d/apparmor restart
 
## Suse
/etc/init.d/boot.apparmor restart

Task: See the current Apparmor status

Type the following command:

## debian/ubuntu 
sudo /etc/init.d/apparmor status
 
## Suse
/etc/init.d/boot.apparmor status

Sample outputs:

apparmor module is loaded.
17 profiles are loaded.
17 profiles are in enforce mode.
   /bin/ping
   /sbin/klogd
   /sbin/syslog-ng
   /sbin/syslogd
   /usr/lib/PolicyKit/polkit-explicit-grant-helper
   /usr/lib/PolicyKit/polkit-grant-helper
   /usr/lib/PolicyKit/polkit-grant-helper-pam
   /usr/lib/PolicyKit/polkit-read-auth-helper
   /usr/lib/PolicyKit/polkit-resolve-exe-helper
   /usr/lib/PolicyKit/polkit-revoke-helper
   /usr/lib/PolicyKit/polkitd
   /usr/sbin/avahi-daemon
   /usr/sbin/identd
   /usr/sbin/mdnsd
   /usr/sbin/nscd
   /usr/sbin/ntpd
   /usr/sbin/traceroute
0 profiles are in complain mode.
3 processes have profiles defined.
3 processes are in enforce mode :
   /sbin/klogd (812) 
   /sbin/syslog-ng (809) 
   /usr/sbin/nscd (6229) 
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
References:

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 1 comment so far... add one


CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
1 comment… add one
  • majid May 27, 2014 @ 19:54

    hi
    i can’t use linux mint 16
    this error :apparmor shall policy enable
    please help me
    thank you

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum