aa-status

Check AppArmor status

$ sudo aa-status

$ sudo aa-status --json

$ sudo aa-status --pretty-json

$ sudo aa-status --profiled

$ sudo aa-status --enforced

$ sudo aa-status --complaining

$ sudo aa-status --kill

aa-status [option]

aa-status reports the current state of AppArmor confinement on the system. By default, it displays a summary of loaded profiles grouped by enforcement mode (enforce, complain, kill, unconfined), the number of confined processes, and which profiles apply to them. Individual flags can query specific counters for use in scripts. The --json and --pretty-json flags provide machine-parseable output suitable for monitoring and automation pipelines.

--enabled

Returns error code if AppArmor is not active

Shows count of loaded AppArmor policies

Shows count of enforcing policies

Shows count of non-enforcing policies

Shows count of enforcing policies that terminate tasks on violations

Shows count of unconfined mode policies

Shows processes confined by stacked profiles in different modes

Displays comprehensive AppArmor policy data (default behavior)

Outputs policy data in JSON format for machine processing

Provides human and machine-readable JSON output

Displays usage information

Exit codes indicate different states: 0 = enabled with policy, 1 = not enabled, 2 = enabled but no policy, 3 = control files unavailable, 4 = insufficient privileges.

Part of the AppArmor utilities package for managing application security profiles on Linux systems.

aa-enforce(8), aa-complain(8), aa-disable(8), apparmor(7)