LinuxCommandLibrary

aa-status

Show AppArmor status

TLDR

Check status

$ sudo aa-status

Display the number of loaded policies
$ sudo aa-status --profiled

Display the number of loaded enforcing policies
$ sudo aa-status --enforced

Display the number of loaded non-enforcing policies
$ sudo aa-status --complaining

Display the number of loaded enforcing policies that kill tasks on policy violations
$ sudo aa-status --kill

SYNOPSIS

aa-status [OPTIONS]

DESCRIPTION

aa-status is a utility from the AppArmor security framework that gives a concise overview of the current AppArmor state. AppArmor is a Linux Security Module that lets administrators restrict what individual programs may do (file access, capabilities, networking and so on) through per-program profiles. aa-status reports whether the AppArmor kernel module is loaded, which profiles are loaded into the kernel, the mode each profile is in (enforce or complain, and on newer releases also kill or unconfined), and which processes are running under a profile and in which mode, listed with their PIDs.

It also reports processes that have a profile defined but are currently running unconfined, typically because they were already running when the profile was loaded and have not been restarted since. This makes aa-status the quickest way to verify that AppArmor enforcement is actually in effect on a system rather than merely configured.

CAVEATS

aa-status reads the profile set from /sys/kernel/security/apparmor, which only root can read, so run it with sudo; as an unprivileged user it fails or prints only partial information. The output can be long on systems with many loaded profiles. The exit status is designed for scripting: 0 when AppArmor is enabled and policy is loaded, 1 when the module is not enabled, 2 when it is enabled but no policy is loaded, 3 when the control files under /sys/kernel/security are unavailable, and 4 when the caller lacks permission to read them. Recent versions also accept --enabled (which reports only via the exit status) and --json for machine-readable output; prefer --json over parsing the human-readable text where it is available.

UNDERSTANDING APPARMOR MODES

aa-status reports profiles in different modes:

enforce: The profile actively prevents a program from performing actions its rules do not permit. Each denied operation is refused and logged to the kernel audit log (visible with dmesg, journalctl, or in /var/log/audit/audit.log when auditd is running).

complain: The profile does not block anything. Violations are only logged, which lets administrators see what a program tries to do without disrupting it. This mode is used while developing or updating a profile; aa-logprof(8) reads the resulting log entries and proposes rules to add.

kill: Like enforce, but a process that attempts a denied operation is killed rather than merely having the request refused. The --kill option counts profiles loaded in this mode.

unconfined: A process running unconfined is not under the control of any AppArmor profile. aa-status counts processes that are unconfined even though a profile for their executable is loaded; this usually means the process was started before the profile was loaded (or the profile was reloaded afterwards) and must be restarted to become confined. Newer releases can also load a profile itself in unconfined mode, which aa-status reports as a separate count.
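The distinction between the enforce and complain sections above is what an audit or hardening check usually cares about. As an added example (not part of the AppArmor project or of this page's original content), the following POSIX shell script parses the human-readable aa-status output and fails if any named profile is not listed in enforce mode. The SAMPLE_STATUS text is constructed to mirror the output layout described above so the script runs offline; the function names profiles_in_mode and check_enforced are this example's own.

```shell
#!/bin/sh
# Added example, not part of the AppArmor project: check that named profiles
# are loaded in enforce mode by parsing aa-status's human-readable output.
# Live usage (needs root to read the profile set):
#   sudo aa-status | check_enforced /usr/sbin/cupsd /usr/bin/man

# Constructed sample of aa-status output, used only for the offline demo below.
SAMPLE_STATUS='apparmor module is loaded.
4 profiles are loaded.
2 profiles are in enforce mode.
   /usr/sbin/cupsd
   /usr/bin/man
1 profiles are in complain mode.
   /usr/sbin/sssd
0 profiles are in kill mode.
1 profiles are in unconfined mode.
   /usr/lib/snapd/snap-confine
2 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/cupsd (749)
1 processes are in complain mode.
   /usr/sbin/sssd (812)
0 processes are unconfined but have a profile defined.'

# profiles_in_mode MODE: read aa-status output on stdin and print, one per
# line, the profile names indented under "N profiles are in MODE mode."
# The process sections ("N processes ...") are skipped so PIDs never leak in.
profiles_in_mode() {
    awk -v want="$1" '
        /^[0-9]+ profiles are in / {
            # "2 profiles are in enforce mode." -> $5 is the mode name
            mode = $5; next
        }
        /^[0-9]+ (profiles|processes) / { mode = ""; next }
        mode == want && /^[ \t]+[^ \t]/ {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); print
        }
    '
}

# check_enforced PROFILE...: return 0 only if every named profile is in
# enforce mode; report each one that is missing or in another mode, return 1.
check_enforced() {
    enforced=$(profiles_in_mode enforce)
    rc=0
    for p in "$@"; do
        if ! printf '%s\n' "$enforced" | grep -Fxq -- "$p"; then
            printf 'NOT ENFORCED: %s\n' "$p" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Offline demo against the constructed sample: cupsd and man pass, sssd
# (complain mode) does not.
printf '%s\n' "$SAMPLE_STATUS" | check_enforced /usr/sbin/cupsd /usr/bin/man \
    && echo "sample: required profiles are enforced"
printf '%s\n' "$SAMPLE_STATUS" | check_enforced /usr/sbin/sssd \
    || echo "sample: sssd is not enforced (as expected)"
```

A profile that exists on disk but is absent from the enforce section counts as a failure, which is the case that matters most in practice: a profile edited and never reloaded, or set to complain during debugging and forgotten, looks identical from the outside until aa-status is consulted. Note that a profile in enforce mode does not by itself prove the matching processes are confined; the "processes are unconfined but have a profile defined" count covers daemons that predate the profile load and still need a restart.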

HISTORY

AppArmor originated at Immunix, which Novell acquired in 2005; Novell subsequently released AppArmor as open source, and it became a core security feature of SUSE Linux Enterprise and openSUSE. Ubuntu first packaged AppArmor for 7.04 (Feisty Fawn) and has shipped it as its default Mandatory Access Control (MAC) system since 7.10 (Gutsy Gibbon). The aa-status utility has been part of the AppArmor toolset since its early development, providing a quick way to inspect the state of the security module.

SEE ALSO

apparmor(7), aa-enforce(8), aa-complain(8), aa-disable(8), aa-logprof(8)
