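AppArmor ("Application Armor") is a Linux kernel security module that is integrated into the kernel and into Ubuntu Linux. How do I disable AppArmor protection for the mysql profile/service under Ubuntu or Novell Suse Enterprise Linux?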


Use the apparmor_status or aa-status command to view various information about the current AppArmor policy. Type the following command as the root user or via sudo:

$ sudo apparmor_status

or

$ sudo aa-status

Sample output:

apparmor module is loaded.
6 profiles are loaded.
6 profiles are in enforce mode.
   /sbin/dhclient
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/mysqld
   /usr/sbin/ntpd
   /usr/sbin/tcpdump
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode.
   /usr/sbin/mysqld (27816)
   /usr/sbin/ntpd (31952)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

You can also type the following command to view the list of currently loaded profiles from the /sys/kernel/security/apparmor/profiles file:

$ cat /sys/kernel/security/apparmor/profiles

Sample output:

/sys/kernel/security/apparmor/profiles
/usr/sbin/mysqld (enforce)
/usr/sbin/tcpdump (enforce)
/usr/sbin/ntpd (enforce)
/usr/lib/connman/scripts/dhclient-script (enforce)
/usr/lib/NetworkManager/nm-dhcp-client.action (enforce)
/sbin/dhclient (enforce)

AppArmor profiles are usually stored in the /etc/apparmor.d/ directory under various file names.

Command to disable a profile

The syntax is:

sudo ln -s /etc/apparmor.d/{profile.name-here} /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/{profile.name-here}

To disable the profile for mysql, that is, to disable AppArmor protection for the MySQL server, enter:

sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld

Verify that mysqld protection is disabled:

sudo aa-status

Sample output:

apparmor module is loaded.
5 profiles are loaded.
5 profiles are in enforce mode.
   /sbin/dhclient
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/ntpd
   /usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/ntpd (31952)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

How do I enable AppArmor protection for mysql?

Type the following commands:

sudo rm /etc/apparmor.d/disable/usr.sbin.mysqld
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
sudo aa-status
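
As an added example (not part of the original article), the shell functions below turn the verification step into a scriptable check: they read a listing in the /sys/kernel/security/apparmor/profiles format and report whether a profile is enforced, in another mode, or not loaded because of a link in the disable directory. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether an AppArmor profile is loaded and enforced.

# Constructed sample in /sys/kernel/security/apparmor/profiles format,
# modelled on the state after the mysqld profile has been disabled.
sample_listing() {
    cat <<'EOF'
/usr/sbin/tcpdump (enforce)
/usr/sbin/ntpd (enforce)
/usr/lib/NetworkManager/nm-dhcp-client.action (enforce)
/sbin/dhclient (complain)
EOF
}

# profile_mode NAME [LIST]: print the mode of profile NAME, or "not-loaded".
# LIST defaults to the kernel's profile list; pass a file to test offline.
profile_mode() {
    awk -v n="$1" '
        {   # each line is "<name> (<mode>)"; split on the trailing " (...)"
            i = match($0, / \([^()]*\)$/)
            if (i == 0) next
            if (substr($0, 1, i - 1) == n) {
                print substr($0, i + 2, RLENGTH - 3); found = 1; exit
            }
        }
        END { if (!found) print "not-loaded" }
    ' "${2:-/sys/kernel/security/apparmor/profiles}"
}

# audit_profile NAME FILE [LIST] [DIR]: one-line verdict; returns 0 only
# when the profile is enforced. FILE is its file name under /etc/apparmor.d,
# DIR is the disable directory (default /etc/apparmor.d/disable).
audit_profile() {
    mode=$(profile_mode "$1" "$3")
    dis=${4:-/etc/apparmor.d/disable}
    if [ "$mode" = enforce ]; then
        echo "OK: $1 is in enforce mode"
    elif [ "$mode" = not-loaded ] && [ -L "$dis/$2" ]; then
        echo "ALERT: $1 not loaded; disabled by $dis/$2"; return 1
    else
        echo "ALERT: $1 is $mode"; return 1
    fi
}
```

On a live system, run `audit_profile /usr/sbin/mysqld usr.sbin.mysqld` as root so the kernel's profile list is readable.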



