

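AppArmor ("Application Armor") is a security module for the Linux kernel, integrated into the kernel and into Ubuntu Linux. How do you disable AppArmor protection for the MySQL profile/service on Ubuntu or Novell SUSE Enterprise Linux?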


Use the apparmor_status or aa-status command to view information about the current AppArmor policy. Type the following command as the root user or run it through sudo:

$ sudo apparmor_status

or

$ sudo aa-status

Sample output:

apparmor module is loaded.
6 profiles are loaded.
6 profiles are in enforce mode.
   /sbin/dhclient
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/mysqld
   /usr/sbin/ntpd
   /usr/sbin/tcpdump
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode.
   /usr/sbin/mysqld (27816)
   /usr/sbin/ntpd (31952)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

You can also type the following command to view the list of currently loaded profiles from the /sys/kernel/security/apparmor/profiles file:

$ sudo cat /sys/kernel/security/apparmor/profiles

Sample output:

/usr/sbin/mysqld (enforce)
/usr/sbin/tcpdump (enforce)
/usr/sbin/ntpd (enforce)
/usr/lib/connman/scripts/dhclient-script (enforce)
/usr/lib/NetworkManager/nm-dhcp-client.action (enforce)
/sbin/dhclient (enforce)

All AppArmor profiles are traditionally stored in files, under various file names, in the /etc/apparmor.d/ directory.

Command to disable a profile

The syntax is:

sudo ln -s /etc/apparmor.d/{profile.name-here} /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/{profile.name-here}

To disable the profile for MySQL, in other words to disable AppArmor protection for the MySQL server, enter:

sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld

Verify that protection for mysqld is disabled:

sudo aa-status

Sample output:

apparmor module is loaded.
5 profiles are loaded.
5 profiles are in enforce mode.
   /sbin/dhclient
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/ntpd
   /usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/ntpd (31952)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

How do I enable AppArmor protection for MySQL?

Type the following commands:

sudo rm /etc/apparmor.d/disable/usr.sbin.mysqld
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
sudo aa-status
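The disable procedure above leaves two traces: a symlink in /etc/apparmor.d/disable/ and the profile's absence from the kernel's loaded list. The following shell function is an added example, not part of the original article, that reports each disabled profile and flags any that is still loaded; the function names, the fixture and the file-naming convention (usr.sbin.mysqld for /usr/sbin/mysqld) are assumptions.

```sh
#!/bin/sh
# Added example: list profiles disabled through /etc/apparmor.d/disable/ and
# flag any that the kernel still has loaded.
# Assumption: a profile file is named after the confined path with "/" turned
# into "." (usr.sbin.mysqld for /usr/sbin/mysqld), as on this page.
# audit_disabled_profiles DIR LOADED   (hypothetical function name)
#   DIR     profile directory, normally /etc/apparmor.d
#   LOADED  file formatted like /sys/kernel/security/apparmor/profiles
# Prints "DISABLED <file>" or "STILL-LOADED(<mode>) <file>" per disable/ entry.
audit_disabled_profiles() {
    dir=$1
    loaded=$2
    [ -r "$loaded" ] || { echo "cannot read $loaded" >&2; return 2; }
    for link in "$dir"/disable/*; do
        # An empty directory leaves the glob unexpanded: skip it. Dangling
        # symlinks are kept, the profile may have been deleted afterwards.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}
        state=DISABLED
        while IFS= read -r line; do
            profile=${line% \(*}    # "/usr/sbin/mysqld (enforce)" -> path
            mode=${line##* \(}
            mode=${mode%\)}         # -> "enforce"
            file=$(printf '%s' "${profile#/}" | tr / .)
            if [ "$file" = "$name" ]; then state="STILL-LOADED($mode)"; fi
        done < "$loaded"
        echo "$state $name"
    done
    return 0
}

# Constructed fixture: mysqld has the symlink and was unloaded; ntpd has the
# symlink but apparmor_parser -R was never run, so it is still enforced.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/apparmor.d/disable"
    for p in usr.sbin.mysqld usr.sbin.ntpd usr.sbin.tcpdump; do
        : > "$root/etc/apparmor.d/$p"
    done
    ln -s "$root/etc/apparmor.d/usr.sbin.mysqld" "$root/etc/apparmor.d/disable/"
    ln -s "$root/etc/apparmor.d/usr.sbin.ntpd" "$root/etc/apparmor.d/disable/"
    printf '%s\n' '/usr/sbin/tcpdump (enforce)' '/usr/sbin/ntpd (enforce)' \
        > "$root/loaded"
    echo "$root"
}

fixture=$(make_fixture)
audit_disabled_profiles "$fixture/etc/apparmor.d" "$fixture/loaded"
rm -rf "$fixture"
```

On a real host, run it as root with /etc/apparmor.d and /sys/kernel/security/apparmor/profiles as the two arguments.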


Copyright © 2011 HelpLib All rights reserved.