
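AppArmor ("Application Armor") is a security module for the Linux kernel, and it is integrated into the kernel and Ubuntu Linux. How do I disable AppArmor protection for the MySQL profile/service on Ubuntu or Novell SUSE Enterprise Linux?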


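Use the apparmor_status or aa-status command to view various information about the current AppArmor policy. Type the following command as the root user, or run it through sudo: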

$ sudo apparmor_status

or

$ sudo aa-status

Sample output:

apparmor module is loaded.
6 profiles are loaded.
6 profiles are in enforce mode.
   /sbin/dhclient
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/mysqld
   /usr/sbin/ntpd
   /usr/sbin/tcpdump
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode.
   /usr/sbin/mysqld (27816)
   /usr/sbin/ntpd (31952)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

You can also type the following command to view the list of currently loaded profiles from the /sys/kernel/security/apparmor/profiles file:

$ sudo cat /sys/kernel/security/apparmor/profiles

Sample output:

/sys/kernel/security/apparmor/profiles
/usr/sbin/mysqld (enforce)
/usr/sbin/tcpdump (enforce)
/usr/sbin/ntpd (enforce)
/usr/lib/connman/scripts/dhclient-script (enforce)
/usr/lib/NetworkManager/nm-dhcp-client.action (enforce)
/sbin/dhclient (enforce)

All AppArmor profiles are traditionally stored in files under various file names in the /etc/apparmor.d/ directory.

Command to disable a profile

The syntax is:

sudo ln -s /etc/apparmor.d/{profile.name-here} /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/{profile.name-here}

To disable the profile named mysql, in other words to disable AppArmor protection for the MySQL server, enter:

sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld

Verify that mysqld protection is disabled:

sudo aa-status

Sample output:

apparmor module is loaded.
5 profiles are loaded.
5 profiles are in enforce mode.
   /sbin/dhclient
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/ntpd
   /usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/ntpd (31952)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

How do I enable AppArmor protection for MySQL?

Type the following commands:

sudo rm /etc/apparmor.d/disable/usr.sbin.mysqld
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
sudo aa-status
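
The disable and enable procedures above each take two steps: a link under /etc/apparmor.d/disable/ and an apparmor_parser call. The shell function below is an added example, not part of the original article; it compares the disable/ directory with the kernel's loaded-profile list and reports when only one of the two steps has been done. The names aa_profile_state and aa_demo, the state words they print, and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. aa_profile_state NAME FILE [PROFILES_LIST] [APPARMOR_DIR]
#   NAME  profile name as the kernel lists it, e.g. /usr/sbin/mysqld
#   FILE  its file name under /etc/apparmor.d, e.g. usr.sbin.mysqld
# Function names and the printed state words are made up for this example.
aa_profile_state() {
    name=$1
    file=$2
    list=${3:-/sys/kernel/security/apparmor/profiles}
    dir=${4:-/etc/apparmor.d}

    # Kernel side: each line looks like "/usr/sbin/mysqld (enforce)".
    mode=$(awk -v n="$name" '{
        m = $NF; gsub(/[()]/, "", m)           # last field is "(mode)"
        p = $0; sub(/ \([^()]*\)$/, "", p)     # the rest is the profile name
        if (p == n) { print m; exit }
    }' "$list" 2>/dev/null) || mode=

    # Disk side: the ln -s step leaves an entry in the disable/ directory.
    if [ -e "$dir/disable/$file" ] || [ -L "$dir/disable/$file" ]; then
        linked=yes
    else
        linked=no
    fi

    case "$linked:$mode" in
        yes:)  echo disabled ;;         # linked and not loaded
        yes:*) echo pending-unload ;;   # linked, but apparmor_parser -R not run
        no:)   echo not-loaded ;;       # no link and not loaded (-r not run)
        no:*)  echo "$mode" ;;          # loaded: enforce or complain
    esac
}

# Constructed sample data (not from a real host): mysqld is linked into
# disable/ but still loaded; ntpd is untouched.
aa_demo() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/disable"
    printf '%s\n' '/usr/sbin/mysqld (enforce)' '/usr/sbin/ntpd (enforce)' > "$t/profiles"
    : > "$t/etc/disable/usr.sbin.mysqld"
    aa_profile_state /usr/sbin/mysqld usr.sbin.mysqld "$t/profiles" "$t/etc"
    aa_profile_state /usr/sbin/ntpd usr.sbin.ntpd "$t/profiles" "$t/etc"
    rm -rf "$t"
}

# With two or more arguments, check the live system; otherwise run the demo.
if [ $# -ge 2 ]; then aa_profile_state "$@"; else aa_demo; fi
```

On a live host, run the script through sudo with the profile name and file name as arguments, because reading the kernel's profile list normally requires root.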




