apparmor_status

View documentation for the original command

$ tldr aa-status

apparmor_status

The apparmor_status command provides a summary of the AppArmor security system's status on a Linux system.
It displays information about the AppArmor kernel module, the security policies loaded, and the profiles enforcing those policies.
The output indicates whether AppArmor is enabled and running, lists the loaded profiles (enforce and complain mode), and can provide a summary of processes confined by AppArmor.
It is a valuable tool for system administrators to verify the correct functioning and configuration of AppArmor, ensuring that the intended security policies are being applied.
The command offers a quick way to understand the overall security posture provided by AppArmor.

The output of apparmor_status reflects the current state of AppArmor at the time of execution. Changes made to AppArmor profiles or their enforcement modes after running the command will not be reflected in the previously generated output.

The output typically includes sections like 'apparmor module is loaded', 'apparmor profiles are loaded', 'apparmor profiles are in enforce mode', and 'apparmor profiles are in complain mode'. Understanding these sections is critical for interpreting the overall AppArmor status. Enforce mode profiles actively deny actions violating the policy, while complain mode profiles log violations without denying them.

AppArmor was originally developed by Immunix, Inc. and later acquired by Novell. It is now actively maintained and integrated into various Linux distributions, providing an important security mechanism for application confinement. apparmor_status evolved alongside AppArmor to provide a simple way to verify its operation and policy status.

aa-status(8), aa-enforce(8), aa-complain(8), apparmor(7)