User Tools
модуль_apparmor
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
модуль_apparmor [2020/11/11 09:59] val [Определение наличия профилей для служб] |
модуль_apparmor [2024/05/14 14:15] (current) val [Включение/Выключение] |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| * [[http://www.ibm.com/developerworks/ru/library/l-apparmor-1/index.html|Безопасный Linux : Часть первая. AppArmor – песочница для приложений]] | * [[http://www.ibm.com/developerworks/ru/library/l-apparmor-1/index.html|Безопасный Linux : Часть первая. AppArmor – песочница для приложений]] | ||
| - | ===== Установка ===== | + | * [[https://wiki.debian.org/AppArmor/HowToUse|debian AppArmor HowToUse]] |
| + | * [[https://help.ubuntu.com/community/AppArmor|ubuntu AppArmor]] | ||
| - | ==== Включение/Выключение ==== | + | ===== Включение/Выключение ===== |
| - | * В Debian 10 включен по умолчанию | + | * В Debian/Ubuntu включен по умолчанию |
| - | * [[https://wiki.debian.org/AppArmor/HowToUse|AppArmor HowToUse]] | + | |
| + | <code> | ||
| + | # ###apt install apparmor | ||
| + | |||
| + | # aa-status | ||
| + | </code> | ||
| + | |||
| + | === Включение === | ||
| <code> | <code> | ||
| # mkdir /etc/default/grub.d | # mkdir /etc/default/grub.d | ||
| Line 18: | Line 25: | ||
| </code><code> | </code><code> | ||
| GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor" | GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor" | ||
| + | </code> | ||
| + | |||
| + | === Выключение === | ||
| + | <code> | ||
| + | # cat /etc/default/grub | ||
| + | </code><code> | ||
| + | ... | ||
| + | GRUB_CMDLINE_LINUX="... apparmor=0" | ||
| + | ... | ||
| </code><code> | </code><code> | ||
| # update-grub | # update-grub | ||
| Line 23: | Line 39: | ||
| # init 6 | # init 6 | ||
| </code> | </code> | ||
| - | ==== Debian/Ubuntu ==== | ||
| - | <code> | ||
| - | # apt install apparmor | ||
| - | # aa-status | ||
| - | </code> | ||
| ===== Определение наличия и правка профилей для служб ===== | ===== Определение наличия и правка профилей для служб ===== | ||
| + | |||
| + | * [[Сервис Clamav]] | ||
| + | |||
| <code> | <code> | ||
| - | # ps axZ # apt install clamav-daemon | + | # ps axZ #| grep [c]lam |
| # find /etc/apparmor.d/ | # find /etc/apparmor.d/ | ||
| # cat /etc/apparmor.d/usr.sbin.clamd | # cat /etc/apparmor.d/usr.sbin.clamd | ||
| + | </code><code> | ||
| ... | ... | ||
| /disk2/ rw, | /disk2/ rw, | ||
| /disk2/** krw, | /disk2/** krw, | ||
| + | | ||
| + | /var/CommuniGate/ rw, | ||
| + | /var/CommuniGate/** krw, | ||
| ... | ... | ||
| + | </code><code> | ||
| + | # cat /etc/apparmor.d/local/usr.sbin.dhcpd | ||
| + | </code><code> | ||
| + | /**/dhcp/ r, | ||
| + | /**/dhcp/** r, | ||
| + | </code> | ||
| + | или | ||
| + | <code> | ||
| + | # rm /etc/apparmor.d/usr.sbin.dhcpd | ||
| + | </code><code> | ||
| + | # init 6 | ||
| # apt install apparmor-utils | # apt install apparmor-utils | ||
| Line 47: | Line 76: | ||
| # apt install apparmor-profiles | # apt install apparmor-profiles | ||
| + | |||
| + | # less /usr/share/apparmor/extra-profiles/README | ||
| # find /etc/apparmor.d/ | # find /etc/apparmor.d/ | ||
модуль_apparmor.1605077979.txt.gz · Last modified: 2020/11/11 09:59 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
