{"id":14038,"date":"2023-08-23T07:06:10","date_gmt":"2023-08-22T22:06:10","guid":{"rendered":"https:\/\/lab4ict.com\/system\/?p=14038"},"modified":"2023-08-25T06:30:30","modified_gmt":"2023-08-24T21:30:30","slug":"apparmor%e3%81%ae%e5%9f%ba%e6%9c%ac%e6%93%8d%e4%bd%9c%e3%82%92%e3%81%be%e3%81%a8%e3%82%81%e3%82%8b%ef%bc%81","status":"publish","type":"post","link":"https:\/\/lab4ict.com\/system\/archives\/14038","title":{"rendered":"A Summary of Basic AppArmor Operations!"},"content":{"rendered":"<p>This post summarizes basic AppArmor operations.<br \/>\n<!--more--><\/p>\n<h2>Check the environment used for verification!<\/h2>\n<p>Check the environment on which the operations were verified.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ hostnamectl\r\n Static hostname: vmswps01\r\n       Icon name: computer-vm\r\n         Chassis: vm\r\n      Machine ID: 71bb07e8b0b241a7b80c0ffc45302ee2\r\n         Boot ID: 0c944ead31fd4098a50494eb25a79e50\r\n  Virtualization: oracle\r\nOperating System: Ubuntu 22.04.2 LTS              \r\n          Kernel: Linux 5.15.0-78-generic\r\n    Architecture: x86-64\r\n Hardware Vendor: innotek GmbH\r\n  Hardware Model: VirtualBox\r\n<\/pre>\n<h2>Check the status of AppArmor!<\/h2>\n<p>Check the status of AppArmor.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ systemctl status apparmor\r\n\u25cf apparmor.service - Load AppArmor profiles\r\n     Loaded: loaded (\/lib\/systemd\/system\/apparmor.service; enabled; vendor preset: enabled)\r\n     Active: active (exited) since Tue 2023-08-22 21:29:25 UTC; 25min ago\r\n       Docs: man:apparmor(7)\r\n             https:\/\/gitlab.com\/apparmor\/apparmor\/wikis\/home\/\r\n    Process: 524 
ExecStart=\/lib\/apparmor\/apparmor.systemd reload (code=exited, status=0\/SUCCESS)\r\n   Main PID: 524 (code=exited, status=0\/SUCCESS)\r\n        CPU: 33ms\r\n<\/pre>\n<h2>Disable AppArmor!<\/h2>\n<p>Disable AppArmor and stop the service.<\/p>\n<pre class=\"brush: plain; highlight: [1,5]; title: ; notranslate\" title=\"\">\r\n$ sudo systemctl disable --now apparmor\r\nSynchronizing state of apparmor.service with SysV service script with \/lib\/systemd\/systemd-sysv-install.\r\nExecuting: \/lib\/systemd\/systemd-sysv-install disable apparmor\r\nRemoved \/etc\/systemd\/system\/sysinit.target.wants\/apparmor.service.\r\n$ systemctl status apparmor\r\n\u25cb apparmor.service - Load AppArmor profiles\r\n     Loaded: loaded (\/lib\/systemd\/system\/apparmor.service; disabled; vendor preset: enabled)\r\n     Active: inactive (dead) since Tue 2023-08-22 21:56:41 UTC; 36s ago\r\n       Docs: man:apparmor(7)\r\n             https:\/\/gitlab.com\/apparmor\/apparmor\/wikis\/home\/\r\n    Process: 1225 ExecStop=\/bin\/true (code=exited, status=0\/SUCCESS)\r\n   Main PID: 524 (code=exited, status=0\/SUCCESS)\r\n        CPU: 871us\r\n<\/pre>\n<h2>Enable AppArmor!<\/h2>\n<p>Enable AppArmor and start the service.<\/p>\n<pre class=\"brush: plain; highlight: [1,5]; title: ; notranslate\" title=\"\">\r\n$ sudo systemctl enable --now apparmor\r\nSynchronizing state of apparmor.service with SysV service script with \/lib\/systemd\/systemd-sysv-install.\r\nExecuting: \/lib\/systemd\/systemd-sysv-install enable apparmor\r\nCreated symlink \/etc\/systemd\/system\/sysinit.target.wants\/apparmor.service \u2192 \/lib\/systemd\/system\/apparmor.service.\r\n$ systemctl status apparmor\r\n\u25cf apparmor.service - Load AppArmor profiles\r\n     Loaded: loaded (\/lib\/systemd\/system\/apparmor.service; enabled; vendor preset: enabled)\r\n     
Active: active (exited) since Tue 2023-08-22 21:58:17 UTC; 12s ago\r\n       Docs: man:apparmor(7)\r\n             https:\/\/gitlab.com\/apparmor\/apparmor\/wikis\/home\/\r\n    Process: 1336 ExecStart=\/lib\/apparmor\/apparmor.systemd reload (code=exited, status=0\/SUCCESS)\r\n   Main PID: 1336 (code=exited, status=0\/SUCCESS)\r\n        CPU: 28ms\r\n<\/pre>\n<h2>Install the commands for managing profiles!<\/h2>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo apt install apparmor-utils -y\r\nReading package lists... Done\r\nBuilding dependency tree... Done\r\nReading state information... Done\r\nThe following additional packages will be installed:\r\n  python3-apparmor python3-libapparmor\r\nSuggested packages:\r\n  vim-addon-manager\r\nThe following NEW packages will be installed:\r\n  apparmor-utils python3-apparmor python3-libapparmor\r\n0 upgraded, 3 newly installed, 0 to remove and 75 not upgraded.\r\n...\r\n<\/pre>\n<h2>Check the status of the profiles!<\/h2>\n<p>Check the status of the AppArmor profiles.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo apparmor_status\r\napparmor module is loaded.\r\n31 profiles are loaded.\r\n31 profiles are in enforce mode.\r\n   \/snap\/snapd\/18357\/usr\/lib\/snapd\/snap-confine\r\n   \/snap\/snapd\/18357\/usr\/lib\/snapd\/snap-confine\/\/mount-namespace-capture-helper\r\n   \/snap\/snapd\/19457\/usr\/lib\/snapd\/snap-confine\r\n   \/snap\/snapd\/19457\/usr\/lib\/snapd\/snap-confine\/\/mount-namespace-capture-helper\r\n   \/usr\/bin\/man\r\n   \/usr\/lib\/NetworkManager\/nm-dhcp-client.action\r\n   \/usr\/lib\/NetworkManager\/nm-dhcp-helper\r\n   
\/usr\/lib\/connman\/scripts\/dhclient-script\r\n   \/usr\/lib\/snapd\/snap-confine\r\n   \/usr\/lib\/snapd\/snap-confine\/\/mount-namespace-capture-helper\r\n   \/{,usr\/}sbin\/dhclient\r\n   lsb_release\r\n   man_filter\r\n   man_groff\r\n   nvidia_modprobe\r\n   nvidia_modprobe\/\/kmod\r\n   snap-update-ns.lxd\r\n   snap.lxd.activate\r\n   snap.lxd.benchmark\r\n   snap.lxd.buginfo\r\n   snap.lxd.check-kernel\r\n   snap.lxd.daemon\r\n   snap.lxd.hook.configure\r\n   snap.lxd.hook.install\r\n   snap.lxd.hook.remove\r\n   snap.lxd.lxc\r\n   snap.lxd.lxc-to-lxd\r\n   snap.lxd.lxd\r\n   snap.lxd.migrate\r\n   snap.lxd.user-daemon\r\n   tcpdump\r\n0 profiles are in complain mode.\r\n0 profiles are in kill mode.\r\n0 profiles are in unconfined mode.\r\n0 processes have profiles defined.\r\n0 processes are in enforce mode.\r\n0 processes are in complain mode.\r\n0 processes are unconfined but have a profile defined.\r\n0 processes are in mixed mode.\r\n0 processes are in kill mode.\r\n<\/pre>\n<h2>Add profiles!<\/h2>\n<p>Add AppArmor profiles.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo apt install apparmor-profiles\r\nReading package lists... Done\r\nBuilding dependency tree... Done\r\nReading state information... 
Done\r\nThe following NEW packages will be installed:\r\n  apparmor-profiles\r\n0 upgraded, 1 newly installed, 0 to remove and 75 not upgraded.\r\n...\r\n<\/pre>\n<p>Confirm that the profiles have been added.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo apparmor_status\r\napparmor module is loaded.\r\n48 profiles are loaded.\r\n31 profiles are in enforce mode.\r\n   \/snap\/snapd\/18357\/usr\/lib\/snapd\/snap-confine\r\n   \/snap\/snapd\/18357\/usr\/lib\/snapd\/snap-confine\/\/mount-namespace-capture-helper\r\n   \/snap\/snapd\/19457\/usr\/lib\/snapd\/snap-confine\r\n   \/snap\/snapd\/19457\/usr\/lib\/snapd\/snap-confine\/\/mount-namespace-capture-helper\r\n   \/usr\/bin\/man\r\n   \/usr\/lib\/NetworkManager\/nm-dhcp-client.action\r\n   \/usr\/lib\/NetworkManager\/nm-dhcp-helper\r\n   \/usr\/lib\/connman\/scripts\/dhclient-script\r\n   \/usr\/lib\/snapd\/snap-confine\r\n   \/usr\/lib\/snapd\/snap-confine\/\/mount-namespace-capture-helper\r\n   \/{,usr\/}sbin\/dhclient\r\n   lsb_release\r\n   man_filter\r\n   man_groff\r\n   nvidia_modprobe\r\n   nvidia_modprobe\/\/kmod\r\n   snap-update-ns.lxd\r\n   snap.lxd.activate\r\n   snap.lxd.benchmark\r\n   snap.lxd.buginfo\r\n   snap.lxd.check-kernel\r\n   snap.lxd.daemon\r\n   snap.lxd.hook.configure\r\n   snap.lxd.hook.install\r\n   snap.lxd.hook.remove\r\n   snap.lxd.lxc\r\n   snap.lxd.lxc-to-lxd\r\n   snap.lxd.lxd\r\n   snap.lxd.migrate\r\n   snap.lxd.user-daemon\r\n   tcpdump\r\n17 profiles are in complain mode.\r\n   avahi-daemon\r\n   dnsmasq\r\n   dnsmasq\/\/libvirt_leaseshelper\r\n   identd\r\n   klogd\r\n   mdnsd\r\n   nmbd\r\n   nscd\r\n   php-fpm\r\n   ping\r\n   samba-bgqd\r\n   smbd\r\n   smbldap-useradd\r\n   smbldap-useradd\/\/\/etc\/init.d\/nscd\r\n   syslog-ng\r\n   syslogd\r\n   traceroute\r\n0 profiles are in kill mode.\r\n0 profiles are in unconfined mode.\r\n0 processes 
have profiles defined.\r\n0 processes are in enforce mode.\r\n0 processes are in complain mode.\r\n0 processes are unconfined but have a profile defined.\r\n0 processes are in mixed mode.\r\n0 processes are in kill mode.\r\n<\/pre>\n<h2>Switch all profiles to \"complain\" mode!<\/h2>\n<p>Switch all AppArmor profiles to \"complain\" mode.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo aa-complain \/etc\/apparmor.d\/*\r\n<\/pre>\n<h2>Switch all profiles to \"enforce\" mode!<\/h2>\n<p>Switch all AppArmor profiles to \"enforce\" mode.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo aa-enforce \/etc\/apparmor.d\/*\r\n<\/pre>\n<h2>Reload a specific profile!<\/h2>\n<p>Reload a specific AppArmor profile. Replace \"profile.name\" below with the name of the profile before running the command.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo apparmor_parser -r \/etc\/apparmor.d\/profile.name\r\n<\/pre>\n<h2>Reload all profiles!<\/h2>\n<p>Reload all AppArmor profiles.<\/p>\n<pre class=\"brush: plain; highlight: [1]; 
title: ; notranslate\" title=\"\">\r\n$ sudo systemctl reload apparmor.service\r\n<\/pre>\n<h2>Conclusion<\/h2>\n<p>This post summarized basic AppArmor operations.<\/p>\n<h2>References<\/h2>\n<ul>\n<li><a href=\"https:\/\/ubuntu.com\/server\/docs\/security-apparmor\" rel=\"noopener\" target=\"_blank\">Ubuntu - AppArmor<\/a><\/li>\n<\/ul>\n<h2>Related articles<\/h2>\n<div class=\"sc_getpost\"><a class=\"clearfix\" href=\"https:\/\/lab4ict.com\/system\/archives\/14155\" ><div class=\"sc_getpost_thumb post-box-thumbnail__wrap\"><img decoding=\"async\" src=\"data:image\/gif;base64,R0lGODdhAQABAPAAAN3d3QAAACwAAAAAAQABAAACAkQBADs=\" width=\"150\" height=\"150\" alt=\"[Article list] Mastering Ubuntu's security features!\" loading=\"lazy\" data-src=\"https:\/\/lab4ict.com\/system\/wp-content\/uploads\/2022\/04\/fi_ubuntu_01-150x150.png\" class=\"lazyload\"><\/div><div class=\"title\">[Article list] Mastering Ubuntu's security features!<\/div><div 
class=\"substr\">This page lists the articles needed to make full use of Ubuntu's security features...<\/div><\/a><\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post summarizes basic AppArmor operations.<\/p>\n","protected":false},"author":1,"featured_media":5284,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[933],"tags":[931,891],"class_list":["post-14038","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu-security","tag-appaormor","tag-891"],"_links":{"self":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/14038","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/comments?post=14038"}],"version-history":[{"count":12,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/14038\/revisions"}],"predecessor-version":[{"id":14158,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/14038\/revisions\/14158"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/media\/5284"}],"wp:attachment":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/media?parent=14038"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/categories?post=14038"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/tags?post=14038"}],"curies":[{"name":"wp","href":"https:\/
\/api.w.org\/{rel}","templated":true}]}}