felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

doc: improve documentation.

Browse source
This commit is contained in:
Alexandre Pujol 2024-06-03 19:06:02 +01:00
parent ff16790421
commit 0fa7985f0e
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
11 changed files with 58 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

14
docs/usage.md
View file

@ -86,17 +86,27 @@ Other AppArmor userspace tools such as `aa-enforce`, `aa-complain`, and `aa-logp
To read the AppArmor log from `/var/log/audit/audit.log`:
```sh
aa-log
$ aa-log
```
To optionally filter a given profile name: `aa-log <profile-name>` (your shell will autocomplete the profile name):
```
aa-log dnsmasq
$ aa-log dnsmasq
DENIED dnsmasq open /proc/sys/kernel/osrelease comm=dnsmasq requested_mask=r denied_mask=r
DENIED dnsmasq open /proc/1/environ comm=dnsmasq requested_mask=r denied_mask=r
DENIED dnsmasq open /proc/cmdline comm=dnsmasq requested_mask=r denied_mask=r
```
To generate AppArmor rule:
```sh
$ aa-log -r dnsmasq
profile dnsmasq {
@{PROC}/@{pid}/environ r,
@{PROC}/cmdline r,
@{PROC}/sys/kernel/osrelease r,
}
```
!!! info
Other logs file in `/var/log/audit/` can easily be checked: `aa-log -f 1`