Сравнение постов
Различия между постами
#156239 (12.12.2020 14:55)
и
#156240 (12.12.2020 14:57).
1 | miko@ubu:~$ sudo aa-genprof free | |
1 | [admin@server ~]$ sudo aa-genprof free | |
2 | 2 | |
3 | 3 | Before you begin, you may wish to check if a profile already exists for the application you wish to confine. See the following wiki page for more information: |
4 | 4 | https://gitlab.com/apparmor/apparmor/wikis/Profiles |
5 | 5 | |
6 | 6 | Profiling: /usr/bin/free |
7 | 7 | |
8 | 8 | Please start the application to be profiled in another window and exercise its functionality now. |
9 | 9 | |
10 | 10 | Once completed, select the "Scan" option below in order to scan the system logs for AppArmor events. |
11 | 11 | |
12 | 12 | For each AppArmor event, you will be given the opportunity to choose whether the access should be |
13 | 13 | allowed or denied. |
14 | 14 | |
15 | 15 | [(S)can system log for AppArmor events] / (F)inish |
16 | 16 | Reading log entries from /var/log/syslog. |
17 | 17 | Updating AppArmor profiles in /etc/apparmor.d. |
18 | 18 | Complain-mode changes: |
19 | 19 | |
20 | 20 | Profile: /usr/bin/free |
21 | 21 | Path: /proc/sys/kernel/osrelease |
22 | 22 | New Mode: r |
23 | 23 | Severity: 6 |
24 | 24 | |
25 | 25 | [1 - /proc/sys/kernel/osrelease r,] |
26 | 26 | (A)llow / [(D)eny] / (I)gnore / (G)lob / Glob with (E)xtension / (N)ew / Audi(t) / Abo(r)t / (F)inish |
27 | 27 | Adding /proc/sys/kernel/osrelease r, to profile. |
28 | 28 | |
29 | 29 | = Changed Local Profiles = |
30 | 30 | |
31 | 31 | The following local profiles were changed. Would you like to save them? |
32 | 32 | |
33 | 33 | [1 - /usr/bin/free] |
34 | 34 | (S)ave Changes / Save Selec(t)ed Profile / [(V)iew Changes] / View Changes b/w (C)lean profiles / Abo(r)t |
35 | 35 | |
36 | 36 | = Changed Local Profiles = |
37 | 37 | |
38 | 38 | The following local profiles were changed. Would you like to save them? |
39 | 39 | |
40 | 40 | [1 - /usr/bin/free] |
41 | 41 | (S)ave Changes / Save Selec(t)ed Profile / [(V)iew Changes] / View Changes b/w (C)lean profiles / Abo(r)t |
42 | 42 | Writing updated profile for /usr/bin/free. |
43 | 43 | |
44 | 44 | Profiling: /usr/bin/free |
45 | 45 | |
46 | 46 | Please start the application to be profiled in another window and exercise its functionality now. |
47 | 47 | Once completed, select the "Scan" option below in order to scan the system logs for AppArmor events. |
48 | 48 | |
49 | 49 | For each AppArmor event, you will be given the opportunity to choose whether the access should be |
50 | 50 | allowed or denied. |
51 | 51 | |
52 | 52 | [(S)can system log for AppArmor events] / (F)inish |
53 | 53 | |
54 | 54 | Reloaded AppArmor profiles in enforce mode. |
55 | 55 | |
56 | 56 | Please consider contributing your new profile! |
57 | 57 | See the following wiki page for more information: |
58 | 58 | https://gitlab.com/apparmor/apparmor/wikis/Profiles |
59 | 59 |