You only need to protect the programs that are exposed to attacks in your particular setup, so only use profiles for those applications you actually run. Use the following list to determine the most likely candidates:
- Network Agents
- Web Applications
- Cron Jobs
To find out which processes are currently running with open network ports and might need a profile to confine them, run `aa-unconfined` as root.
Example 18.1. Output of aa-unconfined
```
19848 /usr/sbin/cupsd not confined
19887 /usr/sbin/sshd not confined
19947 /usr/lib/postfix/master not confined
29205 /usr/sbin/sshd confined by '/usr/sbin/sshd (enforce)'
```
Each of the processes in the above example labeled `not confined` might need a custom profile to confine it. Those labeled `confined by` are already protected by AppArmor.
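The following added example (not part of the original documentation) filters `aa-unconfined` output in the layout of Example 18.1 into a de-duplicated list of executables that still need a profile, and flags processes whose profile is loaded in a mode other than enforce. The function names and the two sample lines marked as constructed are assumptions, as is the `(complain)` label format, which is taken to mirror the `(enforce)` label shown above.

```shell
#!/bin/sh
# Added example: triage aa-unconfined output laid out as in Example 18.1.

# Constructed sample: the lines of Example 18.1 plus two constructed lines
# (PIDs 19901 and 30111) to exercise de-duplication and complain mode.
sample_output() {
    cat <<'EOF'
19848 /usr/sbin/cupsd not confined
19887 /usr/sbin/sshd not confined
19901 /usr/sbin/sshd not confined
19947 /usr/lib/postfix/master not confined
29205 /usr/sbin/sshd confined by '/usr/sbin/sshd (enforce)'
30111 /usr/sbin/ntpd confined by '/usr/sbin/ntpd (complain)'
EOF
}

# Print each executable reported as "not confined" once: these are the
# candidates for a new profile.
unconfined_binaries() {
    awk '
        /[ \t]not confined[ \t]*$/ {
            line = $0
            sub(/^[ \t]*[0-9]+[ \t]+/, "", line)        # drop the PID column
            sub(/[ \t]+not confined[ \t]*$/, "", line)  # drop the status
            print line
        }
    ' | LC_ALL=C sort -u
}

# Print "PID executable mode" for processes whose profile is loaded in a
# mode other than enforce (complain mode logs violations, it does not block).
# Assumes the executable path contains no spaces.
not_enforcing() {
    awk -v q="'" '
        / confined by / {
            mode = $NF                 # last field, e.g. (complain) plus quote
            gsub(/[()]/, "", mode)
            sub(q "$", "", mode)       # strip the closing quote
            if (mode != "enforce") print $1, $2, mode
        }
    '
}

echo "Need a profile:";        sample_output | unconfined_binaries
echo "Loaded, not enforcing:"; sample_output | not_enforcing
```

On a live system, replace `sample_output` with the real command run as root, for example `aa-unconfined | unconfined_binaries`.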
**For More Information**

For more information about choosing the right applications to profile, refer to Section 19.2, “Determining Programs to Immunize”.