aa-genprof(8)


NAME

   aa-genprof - profile generation utility for AppArmor

SYNOPSIS

   aa-genprof <executable> [-d /path/to/profiles] [-f /path/to/logfile]

OPTIONS

   -d --dir  /path/to/profiles

      Specifies where to look for the AppArmor security profile set.
      Defaults to /etc/apparmor.d.

   -f --file  /path/to/logfile

           Specifies the location of logfile.
           Default locations are read from F</etc/apparmor/logprof.conf>.
           Typical defaults are:
                    /var/log/audit/audit.log
                    /var/log/syslog
                    /var/log/messages

DESCRIPTION

   When running aa-genprof, you must specify a program to profile.  If the
   specified program is not a fully-qualified path, aa-genprof will search
   $PATH in order to find the program.

   If a profile does not exist for the program, aa-genprof will create one
   using aa-autodep(1).

   Genprof will then:

      - set the profile to complain mode

      - write a mark to the system log

      - instruct the user to start the application to
        be profiled in another window and exercise its functionality

   It then presents the user with two options, (S)can system log for
   entries to add to profile and (F)inish.

   If the user selects (S)can or hits return, aa-genprof will parse the
   complain mode logs and iterate through generated violations using
   aa-logprof(1).

   After the user finishes selecting profile entries based on violations
   that were detected during the program execution, aa-genprof will reload
   the updated profiles in complain mode and again prompt the user for
   (S)can and (F)inish. This cycle can then be repeated as necessary until
   all application functionality has been exercised without generating
   access violations.

   When the user eventually hits (F)inish, aa-genprof will set the main
   profile, and any other profiles that were generated, into enforce mode
   and exit.

BUGS

   If you find any bugs, please report them at
   <https://bugs.launchpad.net/apparmor/+filebug>.

SEE ALSO

   apparmor(7), apparmor.d(5), aa-enforce(1), aa-complain(1),
   aa-disable(1), aa_change_hat(2), aa-logprof(1), logprof.conf(5), and
   <http://wiki.apparmor.net>.


More Linux Commands

manpages/XkbGetUpdatedMap.3.html
XkbGetUpdatedMap(3) - Update the client or server map inform
The which parameter is a bitwise inclusive OR of the masks in Table 1. If the needed components of the xkb structure are not already allocated, XkbGetUpdatedMap

manpages/ExtUtils::MakeMaker::Tutorial.3pm.html
ExtUtils::MakeMaker::Tutorial(3pm) - Writing a module with M
This is a short tutorial on writing a simple module with MakeMaker. Its really not that hard. The Mantra MakeMaker modules are installed using this simple mantr

manpages/systemd-initctl.socket.8.html
systemd-initctl.socket(8) dev initctl compatibility.........
systemd-initctl is a system service that implements compatibility with the /dev/initctl FIFO file system object, as implemented by the SysV init system. systemd

manpages/keybound_sp.3ncurses.html
keybound_sp(3ncurses) - curses screen-pointer extension.....
This implementation can be configured to provide a set of functions which improve the ability to manage multiple screens. This feature can be added to any of th

manpages/pam_info.3.html
pam_info(3) - display messages to the user - Linux man page
The pam_info function prints messages through the conversation function to the user. The pam_vinfo function performs the same task as pam_info() with the differ

manpages/ifdown.8.html
ifup(8) - start a pre-configured network interface..........
ifup is used to bring up a pre-configured interface for networking. It is usually invoked by the network script at boot time or by the PCMCIA/hotplug system. It

manpages/App::Prove.3pm.html
App::Prove(3pm) - Implements the "prove" command. (ManPage)
Test::Harness provides a command, prove, which runs a TAP based test suite and prints a report. The prove command is a minimal wrapper around an instance of thi

manpages/ausearch_add_regex.3.html
ausearch_add_regex(3) - use regular expression search rule
ausearch_add_regex adds one search condition based on a regular expression to the current audit search expression. The search conditions can then be used to sca

manpages/curl_getdate.3.html
curl_getdate(3) - Convert a date string to number of seconds
This function returns the number of seconds since January 1st 1970 in the UTC time zone, for the date and time that the datestring parameter specifies. The now

manpages/ber_get_next.3.html
ber_get_next(3) - OpenLDAP LBER simplified Basic Encoding Ru
These routines provide a subroutine interface to a simplified implementation of the Basic Encoding Rules of ASN.1. The version of BER these routines support is

manpages/spamd.1.html
spamd(1) - daemonized version of spamassassin (Man Page)....
The purpose of this program is to provide a daemonized version of the spamassassin executable. The goal is improving throughput performance for automated mail c

manpages/sendto.2.html
sendto(2) - send a message on a socket - Linux manual page
The system calls send(), sendto(), and sendmsg() are used to transmit a message to another socket. The send() call may be used only when the socket is in a conn





We can't live, work or learn in freedom unless the software we use is free.