How to check AppArmor Status Ubuntu 20.10?

check AppArmor Status

What is AppArmor?

AppArmor is a Mandatory Access Control (MAC) framework which is a part of Kernel (LSM) upgrade to keep projects to a restricted arrangement of assets. AppArmor’s security model is to tie access control credits to programs as opposed to clients.

AppArmor repression is given through profiles stacked into the portion, regularly on boot. AppArmor profiles can be in one of two modes: enforcement and complaint.

Profiles stacked in requirement mode will bring about the authorization of the arrangement characterized in the profile just as revealing strategy infringement endeavors (either by means of syslog or auditd).

Profiles in complaint mode won’t implement strategy yet rather report strategy infringement endeavors.

How to check AppArmor Status with aa-status command

To check AppArmor status we use the command aa-status. This command will show the various information like the list of loaded AppArmor module, current AppArmor policy, the command requires sudo to access.

I’ll show you example what we look like when you pass aa-status.

sudo aa-status

It will show you the first AppArmor module is loaded and 33 profiles are loaded and 31 profiles are in enforce mode.

shen@pop-os:~$ sudo aa-status 
[sudo] password for shen: 
apparmor module is loaded.
33 profiles are loaded.
31 profiles are in enforce mode.
2 profiles are in complain mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
3 processes have profiles defined.
3 processes are in enforce mode.
   /usr/sbin/cups-browsed (895) 
   /usr/sbin/cupsd (759) 
   /usr/sbin/haveged (752) 
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
0 processes are in kill mode.

It will list down all the process names and number of process, directory. Above you can see it show 0 processes in kill mode, mixed mode, profile defined, and in complain mode.

Read this: Latest:2020 How to Mount and Unmount File System in Linux?

There are many options which you can use with aa-status like –enabled, –profiled, –enforced, –complaining, –kill, –special-unconfined, –verbose, –json, –pretty-jsoon, –help.

If you want to see aa-status in JSON format that also you can achieve by passing command

sudo aa-status --pretty-json 


	"version":	"2",
	"profiles":	{
		"/usr/bin/evince":	"enforce",
		"/usr/bin/evince-previewer":	"enforce",
		"/usr/bin/evince-previewer//sanitized_helper":	"enforce",
		"/usr/bin/evince-thumbnailer":	"enforce",
		"/usr/bin/evince//sanitized_helper":	"enforce",
		"/usr/bin/lxc-start":	"enforce",
		"/usr/bin/man":	"enforce",
		"/usr/lib/NetworkManager/nm-dhcp-client.action":	"enforce",
		"/usr/lib/NetworkManager/nm-dhcp-helper":	"enforce",
		"/usr/lib/connman/scripts/dhclient-script":	"enforce",
		"/usr/lib/cups/backend/cups-pdf":	"enforce",
		"/usr/sbin/cups-browsed":	"enforce",
		"/usr/sbin/cupsd":	"enforce",
		"/usr/sbin/cupsd//third_party":	"enforce",
		"/usr/sbin/haveged":	"enforce",
		"/usr/sbin/mysqld":	"enforce",
		"/{,usr/}sbin/dhclient":	"enforce",
		"ippusbxd":	"enforce",
		"libreoffice-senddoc":	"enforce",
		"libreoffice-soffice//gpg":	"enforce",
		"libreoffice-xpdfimport":	"enforce",
		"lsb_release":	"enforce",
		"lxc-container-default":	"enforce",
		"lxc-container-default-cgns":	"enforce",
		"lxc-container-default-with-mounting":	"enforce",
		"lxc-container-default-with-nesting":	"enforce",
		"man_filter":	"enforce",
		"man_groff":	"enforce",
		"nvidia_modprobe":	"enforce",
		"nvidia_modprobe//kmod":	"enforce",
		"tcpdump":	"enforce",
		"libreoffice-oopslash":	"complain",
		"libreoffice-soffice":	"complain"
	"processes":	{
		"/usr/bin/less":	[{
				"profile":	"/usr/bin/man",
				"pid":	"117499",
				"status":	"enforce"
		"/usr/bin/man":	[{
				"profile":	"/usr/bin/man",
				"pid":	"117489",
				"status":	"enforce"
		"/usr/sbin/cups-browsed":	[{
				"profile":	"/usr/sbin/cups-browsed",
				"pid":	"895",
				"status":	"enforce"
		"/usr/sbin/cupsd":	[{
				"profile":	"/usr/sbin/cupsd",
				"pid":	"759",
				"status":	"enforce"
		"/usr/sbin/haveged":	[{
				"profile":	"/usr/sbin/haveged",
				"pid":	"752",
				"status":	"enforce"

Now status is loaded into JSON format, Other options are available to use you can learn more about this go through the man page.

Leave a Reply