should be allowed or denied. The program then writes a text file in
/etc/apparmor.d, using the name of the program and its path (in this
case, opt.google.chrome.google-chrome, which in this case was
installed directly from Google [www.google.com/chrome?platform=linux], so
no premade AppArmor profile exists on the system used in this example).
You may then edit the text file as desired, which you must do if you want to
change from complain mode to enforce mode.
When you have a set of profiles that cover what you need, these are the
commands you will use most often:
start: Use the start command as follows:Click here to view code image
matthew@seymour~:$ sudo service apparmor start
stop: Use the stop command as follows:Click here to view code image
matthew@seymour~:$ sudo service apparmor stop
reload: Use the reload command as follows:Click here to view code image
matthew@seymour~:$ sudo service apparmor reload (or restart)
show status: Use the show status command as follows:Click here to view code image
matthew@seymour~:$ sudo service apparmor status
This section has just scratched the surface of AppArmor, but hopefully you
have learned enough information that your appetite has been whetted, and you
are ready to do some further reading.
Forming a Disaster Recovery Plan
No one likes planning for the worst, which probably explains why two-thirds
of people do not have wills. It is a scary thing to have your systems hacked:
One or more criminals has broken through your carefully laid blocks and
caused untold damage to the machine. Your boss, if you have one, wants a
full report of what happened and why, and your users want their email when
they sit down at their desks in the morning. What to do?
If you ever do get hacked, nothing will take the stress away entirely.
However, if you take the time to prepare a proper response in advance, you