User Tools
модуль_apparmor
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
модуль_apparmor [2020/11/10 20:04] val [Debian 9] |
модуль_apparmor [2024/05/14 14:15] (current) val [Включение/Выключение] |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| * [[http://www.ibm.com/developerworks/ru/library/l-apparmor-1/index.html|Безопасный Linux : Часть первая. AppArmor – песочница для приложений]] | * [[http://www.ibm.com/developerworks/ru/library/l-apparmor-1/index.html|Безопасный Linux : Часть первая. AppArmor – песочница для приложений]] | ||
| - | ===== Установка ===== | + | * [[https://wiki.debian.org/AppArmor/HowToUse|debian AppArmor HowToUse]] |
| + | * [[https://help.ubuntu.com/community/AppArmor|ubuntu AppArmor]] | ||
| - | ==== Включение/Выключение ==== | + | ===== Включение/Выключение ===== |
| - | * В Debian 10 включен по умолчанию | + | * В Debian/Ubuntu включен по умолчанию |
| - | * [[https://wiki.debian.org/AppArmor/HowToUse|AppArmor HowToUse]] | + | |
| + | <code> | ||
| + | # ###apt install apparmor | ||
| + | |||
| + | # aa-status | ||
| + | </code> | ||
| + | |||
| + | === Включение === | ||
| <code> | <code> | ||
| # mkdir /etc/default/grub.d | # mkdir /etc/default/grub.d | ||
| Line 18: | Line 25: | ||
| </code><code> | </code><code> | ||
| GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor" | GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor" | ||
| + | </code> | ||
| + | |||
| + | === Выключение === | ||
| + | <code> | ||
| + | # cat /etc/default/grub | ||
| + | </code><code> | ||
| + | ... | ||
| + | GRUB_CMDLINE_LINUX="... apparmor=0" | ||
| + | ... | ||
| </code><code> | </code><code> | ||
| # update-grub | # update-grub | ||
| Line 23: | Line 39: | ||
| # init 6 | # init 6 | ||
| </code> | </code> | ||
| - | ==== Debian/Ubuntu ==== | + | |
| + | |||
| + | ===== Определение наличия и правка профилей для служб ===== | ||
| + | |||
| + | * [[Сервис Clamav]] | ||
| <code> | <code> | ||
| - | # apt install apparmor | + | # ps axZ #| grep [c]lam |
| - | # aa-status | + | # find /etc/apparmor.d/ |
| - | </code> | + | |
| - | ===== Определение наличия профилей для служб ===== | + | # cat /etc/apparmor.d/usr.sbin.clamd |
| + | </code><code> | ||
| + | ... | ||
| + | /disk2/ rw, | ||
| + | /disk2/** krw, | ||
| + | |||
| + | /var/CommuniGate/ rw, | ||
| + | /var/CommuniGate/** krw, | ||
| + | ... | ||
| + | </code><code> | ||
| + | # cat /etc/apparmor.d/local/usr.sbin.dhcpd | ||
| + | </code><code> | ||
| + | /**/dhcp/ r, | ||
| + | /**/dhcp/** r, | ||
| + | </code> | ||
| + | или | ||
| <code> | <code> | ||
| - | # ps axZ # apt install bind9 | + | # rm /etc/apparmor.d/usr.sbin.dhcpd |
| + | </code><code> | ||
| + | # init 6 | ||
| # apt install apparmor-utils | # apt install apparmor-utils | ||
| Line 39: | Line 76: | ||
| # apt install apparmor-profiles | # apt install apparmor-profiles | ||
| + | |||
| + | # less /usr/share/apparmor/extra-profiles/README | ||
| # find /etc/apparmor.d/ | # find /etc/apparmor.d/ | ||
| </code> | </code> | ||
| + | |||
модуль_apparmor.1605027895.txt.gz · Last modified: 2020/11/10 20:04 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
