Check AppArmor Status

About This Task

AppArmor is a Linux kernel security module that provides mandatory access control (MAC) to restrict application capabilities, protecting systems from security threats by enforcing specific rules on a per-application basis.

AppArmor uses profiles to provide MAC to the applications you specify.

There are a few different methods for checking the status in this procedure, including:

  • Verify whether the kernel module is enabled directly

  • Check the kernel configuration

  • Use the aa-status application to view status and additional information concerning AppArmor profiles

Before You Begin

You must have an eLxr Server 12 development host setup with sudo privileges. For details, see Quick Start Overview.

Procedure

Check the Kernel Parameter

Run the following command from the terminal.

#  cat /sys/module/apparmor/parameters/enabled

Y

The Y indicates kernel support for AppArmor.

Check the Kernel Configuration

Run the following command from the terminal.

# grep APPARMOR /boot/config-$(uname -r)

CONFIG_SECURITY_APPARMOR=y
# CONFIG_SECURITY_APPARMOR_DEBUG is not set
CONFIG_SECURITY_APPARMOR_INTROSPECT_POLICY=y
CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
CONFIG_SECURITY_APPARMOR_EXPORT_BINARY=y
CONFIG_SECURITY_APPARMOR_PARANOID_LOAD=y
CONFIG_DEFAULT_SECURITY_APPARMOR=y

In this example every APPARMOR config option is enabled, with the exception of DEBUG. This represents the default operation.

Check Detailed Status with the aa-status Tool

The aa-status tool provides more detailed information than the kernel options above, including information on the number of available profiles, which mode they run in, and the processes confined by AppArmor.

Run the following command from the terminal.

# /usr/sbin/aa-status

The output depicts the status of the installed applications, listing them in the following categories:

  • enforce mode

  • complain mode

  • unconfined

In addition, it also lists the status of applications with existing AppArmor profiles and the number of processes confined by AppArmor.

Results

In this procedure, you learned how check AppArmor status. To learn how to set or disable AppArmor enforcing, see Set AppArmor Enforcing Mode.

For more detailed information on AppArmor modes, see AppArmor Documentation on GitLab.