From 529b37fbb171e37f9fb7fe30a7fb91a430455b7d Mon Sep 17 00:00:00 2001 From: Prithviraj03 <71976945+Prithviraj03@users.noreply.github.com> Date: Sat, 14 Jun 2025 12:24:48 -0500 Subject: [PATCH] aa-*, apparmor_parser: add page (#16844) Co-authored-by: Managor <42655600+Managor@users.noreply.github.com> Co-authored-by: Wiktor Perskawiec Co-authored-by: Wiktor Perskawiec --- pages/linux/aa-audit.md | 32 ++++++++++++++++++++++++++++ pages/linux/aa-cleanprof.md | 28 +++++++++++++++++++++++++ pages/linux/aa-decode.md | 20 ++++++++++++++++++ pages/linux/aa-genprof.md | 20 ++++++++++++++++++ pages/linux/aa-logprof.md | 24 +++++++++++++++++++++ pages/linux/aa-mergeprof.md | 16 ++++++++++++++ pages/linux/aa-remove-unknown.md | 16 ++++++++++++++ pages/linux/aa-teardown.md | 12 +++++++++++ pages/linux/aa-unconfined.md | 20 ++++++++++++++++++ pages/linux/apparmor_parser.md | 36 ++++++++++++++++++++++++++++++++ 10 files changed, 224 insertions(+) create mode 100644 pages/linux/aa-audit.md create mode 100644 pages/linux/aa-cleanprof.md create mode 100644 pages/linux/aa-decode.md create mode 100644 pages/linux/aa-genprof.md create mode 100644 pages/linux/aa-logprof.md create mode 100644 pages/linux/aa-mergeprof.md create mode 100644 pages/linux/aa-remove-unknown.md create mode 100644 pages/linux/aa-teardown.md create mode 100644 pages/linux/aa-unconfined.md create mode 100644 pages/linux/apparmor_parser.md diff --git a/pages/linux/aa-audit.md b/pages/linux/aa-audit.md new file mode 100644 index 0000000000..feed22b8ba --- /dev/null +++ b/pages/linux/aa-audit.md 
@@ -0,0 +1,32 @@ +# aa-audit + +> Set AppArmor security profiles to audit mode. +> More information: . + +- Set a profile to audit mode: + +`sudo aa-audit {{profile_name}}` + +- Set multiple profiles to audit mode: + +`sudo aa-audit {{profile1 profile2 ...}}` + +- Set a profile to audit mode from a specific directory: + +`sudo aa-audit {{[-d|--dir]}} {{/path/to/profiles}} {{profile_name}}` + +- Force audit mode even if already applied: + +`sudo aa-audit --force {{profile_name}}` + +- Set a profile to audit mode without reloading it: + +`sudo aa-audit --no-reload {{profile_name}}` + +- Remove audit mode for a profile: + +`sudo aa-audit {{[-r|--remove]}} {{profile_name}}` + +- Display help: + +`aa-audit {{[-h|--help]}}` diff --git a/pages/linux/aa-cleanprof.md b/pages/linux/aa-cleanprof.md new file mode 100644 index 0000000000..5cd4857b51 --- /dev/null +++ b/pages/linux/aa-cleanprof.md @@ -0,0 +1,28 @@ +# aa-cleanprof + +> Clean AppArmor security profiles by removing unused rules. +> More information: . + +- Clean a profile to remove unused rules: + +`sudo aa-cleanprof {{profile_name}}` + +- Clean multiple profiles at once: + +`sudo aa-cleanprof {{profile1 profile2 ...}}` + +- Specify the directory containing profiles: + +`sudo aa-cleanprof {{[-d|--dir]}} {{/path/to/profiles}} {{profile_name}}` + +- Run silently without prompts: + +`sudo aa-cleanprof {{[-s|--silent]}} {{profile_name}}` + +- Prevent profile reload after cleaning: + +`sudo aa-cleanprof --no-reload {{profile_name}}` + +- Display help: + +`aa-cleanprof {{[-h|--help]}}` diff --git a/pages/linux/aa-decode.md b/pages/linux/aa-decode.md new file mode 100644 index 0000000000..ca12cab7c8 --- /dev/null +++ b/pages/linux/aa-decode.md 
@@ -0,0 +1,20 @@ +# aa-decode + +> Decode AppArmor audit logs into a human-readable format. +> More information: . + +- Decode a hex string: + +`aa-decode {{hexstring}}` + +- Decode a log file: + +`sudo aa-decode {{logfile}}` + +- Decode logs from standard input (e.g., redirected file): + +`sudo aa-decode - < {{logfile}}` + +- Display help: + +`aa-decode {{[-h|--help]}}` diff --git a/pages/linux/aa-genprof.md b/pages/linux/aa-genprof.md new file mode 100644 index 0000000000..987b8eb0cb --- /dev/null +++ b/pages/linux/aa-genprof.md @@ -0,0 +1,20 @@ +# aa-genprof + +> Generate AppArmor security profiles by monitoring program behavior. +> More information: . + +- Start generating a profile for a program: + +`sudo aa-genprof {{program_path}}` + +- Specify a custom directory for profiles: + +`sudo aa-genprof {{[-d|--dir]}} {{/path/to/profiles}} {{program_path}}` + +- Specify a custom logfile for profiling: + +`sudo aa-genprof {{[-f|--file]}} {{/path/to/logfile}} {{program_path}}` + +- Display help: + +`aa-genprof {{[-h|--help]}}` diff --git a/pages/linux/aa-logprof.md b/pages/linux/aa-logprof.md new file mode 100644 index 0000000000..ecfafad9e9 --- /dev/null +++ b/pages/linux/aa-logprof.md @@ -0,0 +1,24 @@ +# aa-logprof + +> Interactively update AppArmor security profiles based on logged violations. +> More information: . + +- Interactively review and update profiles based on system logs: + +`sudo aa-logprof` + +- Use a specific directory for AppArmor profiles: + +`sudo aa-logprof {{[-d|--dir]}} {{/path/to/profiles}}` + +- Use a specific log file instead of the default: + +`sudo aa-logprof {{[-f|--file]}} {{/path/to/logfile}}` + +- Ignore all log entries before the specified mark: + +`sudo aa-logprof {{[-m|--logmark]}} "{{log_marker_text}}"` + +- Display help: + +`aa-logprof {{[-h|--help]}}` diff --git a/pages/linux/aa-mergeprof.md b/pages/linux/aa-mergeprof.md new file mode 100644 index 0000000000..d5b189268c --- /dev/null +++ b/pages/linux/aa-mergeprof.md 
@@ -0,0 +1,16 @@ +# aa-mergeprof + +> Merge AppArmor security profile files into the profile directory. +> More information: . + +- Merge one or more profile files into the default profile directory: + +`sudo aa-mergeprof {{file1 file2 ...}}` + +- Merge profile files into a specific directory: + +`sudo aa-mergeprof {{[-d|--dir]}} {{/path/to/profiles}} {{file1 file2 ...}}` + +- Display help: + +`aa-mergeprof {{[-h|--help]}}` diff --git a/pages/linux/aa-remove-unknown.md b/pages/linux/aa-remove-unknown.md new file mode 100644 index 0000000000..0c1e63a6af --- /dev/null +++ b/pages/linux/aa-remove-unknown.md @@ -0,0 +1,16 @@ +# aa-remove-unknown + +> Remove AppArmor profiles that are no longer present in the configuration directory. +> More information: . + +- Perform a dry run to see which profiles would be removed: + +`sudo aa-remove-unknown -n` + +- Actually remove the profiles: + +`sudo aa-remove-unknown` + +- Display help: + +`aa-remove-unknown {{[-h|--help]}}` diff --git a/pages/linux/aa-teardown.md b/pages/linux/aa-teardown.md new file mode 100644 index 0000000000..e71f8f91fa --- /dev/null +++ b/pages/linux/aa-teardown.md @@ -0,0 +1,12 @@ +# aa-teardown + +> Tear down all AppArmor profiles and disable AppArmor enforcement. +> More information: . + +- Disable all AppArmor profiles and stop enforcement: + +`sudo aa-teardown` + +- Display help: + +`aa-teardown {{[-h|--help]}}` diff --git a/pages/linux/aa-unconfined.md b/pages/linux/aa-unconfined.md new file mode 100644 index 0000000000..106d35441e --- /dev/null +++ b/pages/linux/aa-unconfined.md 
@@ -0,0 +1,20 @@ +# aa-unconfined + +> List processes with open TCP/UDP ports that do not have AppArmor profiles loaded. +> More information: . + +- List unconfined processes using the `ss` command (default): + +`sudo aa-unconfined` + +- Use `netstat` instead of `ss` to detect open network sockets: + +`sudo aa-unconfined --with-netstat` + +- Show all processes from /proc with TCP/UDP ports and no AppArmor profiles (more detailed): + +`sudo aa-unconfined --paranoid` + +- Display help: + +`aa-unconfined {{[-h|--help]}}` diff --git a/pages/linux/apparmor_parser.md b/pages/linux/apparmor_parser.md new file mode 100644 index 0000000000..a7273f1c33 --- /dev/null +++ b/pages/linux/apparmor_parser.md 
@@ -0,0 +1,36 @@ +# apparmor_parser + +> Load, compile, and manage AppArmor security profiles. +> More information: . + +- Load a profile into the kernel: + +`sudo apparmor_parser {{[-a|--add]}} {{profile_file}}` + +- Replace an existing profile: + +`sudo apparmor_parser {{[-r|--replace]}} {{profile_file}}` + +- Remove a profile from the kernel: + +`sudo apparmor_parser {{[-R|--remove]}} {{profile_name}}` + +- Load a profile in complain mode (logs violations but doesn't block): + +`sudo apparmor_parser {{[-C|--complain]}} {{[-r|--replace]}} {{path/to/profile}}` + +- Preprocess a profile (resolve includes) and write binary cache to file: + +`apparmor_parser {{[-p|--preprocess]}} {{[-o|--ofile]}} {{path/to/output.cache}} {{[-Q|--skip-kernel-load]}} {{path/to/profile}}` + +- Preprocess and print binary profile to stdout without loading: + +`apparmor_parser {{[-p|--preprocess]}} {{[-S|--stdout]}} {{[-Q|--skip-kernel-load]}} {{path/to/profile}}` + +- Replace a profile while skipping cache reads: + +`sudo apparmor_parser {{[-r|--replace]}} {{[-T|--skip-read-cache]}} {{path/to/profile}}` + +- Replace a profile, rebuild cache, and write it to a custom directory: + +`sudo apparmor_parser {{[-r|--replace]}} {{[-W|--write-cache]}} {{[-L|--cache-loc]}} {{/path/to/cache}} {{path/to/profile}}`
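Review bot: in the aa-audit hunk the `> More information: .` line carries no URL between the colon and the full stop, and the same empty line appears in all ten new pages; tldr pages need a link to the upstream documentation here (the man page for each tool), so please fill it in before merge.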
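Review bot: in the aa-decode hunk, `sudo aa-decode - < {{logfile}}` does not give the tool read access to a root-only log, because the `<` redirection is opened by the caller's unprivileged shell before `sudo` runs; either drop `sudo` (decoding a hex string needs no privilege) or do the read inside the privileged command, e.g. `sudo cat {{path/to/logfile}} | aa-decode -`. The second example (`sudo aa-decode {{logfile}}`) passes a file path positionally while the third reads the log via `-`; please confirm the positional form actually accepts a file rather than treating the argument as a hex string, and use `{{path/to/logfile}}` for the file placeholder to match the other pages.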
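Review bot: in the aa-teardown hunk, "disable AppArmor enforcement" overstates what the command does: it unloads every loaded profile, leaving all processes unconfined, but it does not disable the AppArmor LSM in the kernel, and the profiles come back when the apparmor service is next started. Suggest "Unload all AppArmor profiles" for both the description and the first example so readers do not mistake it for a permanent or kernel-level switch.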
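Review bot: in the apparmor_parser hunk, the `-R|--remove` example takes `{{profile_name}}`, but the parser identifies the profile to unload by reading the profile file, so the placeholder should be a path like the rest of the page; relatedly, the first two examples use `{{profile_file}}` while the later ones use `{{path/to/profile}}`, so pick one (the style guide prefers `{{path/to/profile}}`). The two `-p|--preprocess` descriptions ("write binary cache to file", "print binary profile to stdout") do not match what preprocessing does: `-p` dumps the profile text after includes and variables are expanded, whereas `-o` and `-S` emit the compiled binary. Either reword those entries as "Print the preprocessed profile text without loading it" or drop `-p` so the examples really produce binary output, e.g. `apparmor_parser {{[-Q|--skip-kernel-load]}} {{[-o|--ofile]}} {{path/to/output.bin}} {{path/to/profile}}`.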