Update cheatsheets

tldr/linux/aa-audit

@@ -0,0 +1,37 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# aa-audit
+
+> Set AppArmor security profiles to audit mode.
+> More information: <https://gitlab.com/apparmor/apparmor/-/wikis/manpage_aa-audit.8>.
+
+- Set a profile to audit mode:
+
+`sudo aa-audit {{profile_name}}`
+
+- Set multiple profiles to audit mode:
+
+`sudo aa-audit {{profile1 profile2 ...}}`
+
+- Set a profile to audit mode from a specific directory:
+
+`sudo aa-audit {{[-d|--dir]}} {{/path/to/profiles}} {{profile_name}}`
+
+- Force audit mode even if already applied:
+
+`sudo aa-audit --force {{profile_name}}`
+
+- Set a profile to audit mode without reloading it:
+
+`sudo aa-audit --no-reload {{profile_name}}`
+
+- Remove audit mode for a profile:
+
+`sudo aa-audit {{[-r|--remove]}} {{profile_name}}`
+
+- Display help:
+
+`aa-audit {{[-h|--help]}}`

tldr/linux/aa-cleanprof

@@ -0,0 +1,33 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# aa-cleanprof
+
+> Clean AppArmor security profiles by removing unused rules.
+> More information: <https://gitlab.com/apparmor/apparmor/-/wikis/manpage_aa-cleanprof.8>.
+
+- Clean a profile to remove unused rules:
+
+`sudo aa-cleanprof {{profile_name}}`
+
+- Clean multiple profiles at once:
+
+`sudo aa-cleanprof {{profile1 profile2 ...}}`
+
+- Specify the directory containing profiles:
+
+`sudo aa-cleanprof {{[-d|--dir]}} {{/path/to/profiles}} {{profile_name}}`
+
+- Run silently without prompts:
+
+`sudo aa-cleanprof {{[-s|--silent]}} {{profile_name}}`
+
+- Prevent profile reload after cleaning:
+
+`sudo aa-cleanprof --no-reload {{profile_name}}`
+
+- Display help:
+
+`aa-cleanprof {{[-h|--help]}}`

tldr/linux/aa-decode

@@ -0,0 +1,25 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# aa-decode
+
+> Decode AppArmor audit logs into a human-readable format.
+> More information: <https://gitlab.com/apparmor/apparmor/-/wikis/manpage_aa-decode.8>.
+
+- Decode a hex string:
+
+`aa-decode {{hexstring}}`
+
+- Decode a log file:
+
+`sudo aa-decode {{logfile}}`
+
+- Decode logs from standard input (e.g., redirected file):
+
+`sudo aa-decode - < {{logfile}}`
+
+- Display help:
+
+`aa-decode {{[-h|--help]}}`

tldr/linux/aa-genprof

@@ -0,0 +1,25 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# aa-genprof
+
+> Generate AppArmor security profiles by monitoring program behavior.
+> More information: <https://gitlab.com/apparmor/apparmor/-/wikis/manpage_aa-genprof.8>.
+
+- Start generating a profile for a program:
+
+`sudo aa-genprof {{program_path}}`
+
+- Specify a custom directory for profiles:
+
+`sudo aa-genprof {{[-d|--dir]}} {{/path/to/profiles}} {{program_path}}`
+
+- Specify a custom logfile for profiling:
+
+`sudo aa-genprof {{[-f|--file]}} {{/path/to/logfile}} {{program_path}}`
+
+- Display help:
+
+`aa-genprof {{[-h|--help]}}`

tldr/linux/aa-logprof

@@ -0,0 +1,29 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# aa-logprof
+
+> Interactively update AppArmor security profiles based on logged violations.
+> More information: <https://gitlab.com/apparmor/apparmor/-/wikis/manpage_aa-logprof.8>.
+
+- Interactively review and update profiles based on system logs:
+
+`sudo aa-logprof`
+
+- Use a specific directory for AppArmor profiles:
+
+`sudo aa-logprof {{[-d|--dir]}} {{/path/to/profiles}}`
+
+- Use a specific log file instead of the default:
+
+`sudo aa-logprof {{[-f|--file]}} {{/path/to/logfile}}`
+
+- Ignore all log entries before the specified mark:
+
+`sudo aa-logprof {{[-m|--logmark]}} "{{log_marker_text}}"`
+
+- Display help:
+
+`aa-logprof {{[-h|--help]}}`

tldr/linux/aa-mergeprof

@@ -0,0 +1,21 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# aa-mergeprof
+
+> Merge AppArmor security profile files into the profile directory.
+> More information: <https://gitlab.com/apparmor/apparmor/-/wikis/manpage_aa-mergeprof.8>.
+
+- Merge one or more profile files into the default profile directory:
+
+`sudo aa-mergeprof {{file1 file2 ...}}`
+
+- Merge profile files into a specific directory:
+
+`sudo aa-mergeprof {{[-d|--dir]}} {{/path/to/profiles}} {{file1 file2 ...}}`
+
+- Display help:
+
+`aa-mergeprof {{[-h|--help]}}`

tldr/linux/aa-remove-unknown

@@ -0,0 +1,21 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# aa-remove-unknown
+
+> Remove AppArmor profiles that are no longer present in the configuration directory.
+> More information: <https://gitlab.com/apparmor/apparmor/-/wikis/manpage_aa-remove-unknown.8>.
+
+- Perform a dry run to see which profiles would be removed:
+
+`sudo aa-remove-unknown -n`
+
+- Actually remove the profiles:
+
+`sudo aa-remove-unknown`
+
+- Display help:
+
+`aa-remove-unknown {{[-h|--help]}}`

tldr/linux/aa-teardown

@@ -0,0 +1,17 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# aa-teardown
+
+> Tear down all AppArmor profiles and disable AppArmor enforcement.
+> More information: <https://gitlab.com/apparmor/apparmor/-/wikis/manpage_aa-teardown.8>.
+
+- Disable all AppArmor profiles and stop enforcement:
+
+`sudo aa-teardown`
+
+- Display help:
+
+`aa-teardown {{[-h|--help]}}`

tldr/linux/aa-unconfined

@@ -0,0 +1,25 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# aa-unconfined
+
+> List processes with open TCP/UDP ports that do not have AppArmor profiles loaded.
+> More information: <https://gitlab.com/apparmor/apparmor/-/wikis/manpage_aa-unconfined.8>.
+
+- List unconfined processes using the `ss` command (default):
+
+`sudo aa-unconfined`
+
+- Use `netstat` instead of `ss` to detect open network sockets:
+
+`sudo aa-unconfined --with-netstat`
+
+- Show all processes from /proc with TCP/UDP ports and no AppArmor profiles (more detailed):
+
+`sudo aa-unconfined --paranoid`
+
+- Display help:
+
+`aa-unconfined {{[-h|--help]}}`

tldr/linux/apparmor_parser

@@ -0,0 +1,41 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# apparmor_parser
+
+> Load, compile, and manage AppArmor security profiles.
+> More information: <https://gitlab.com/apparmor/apparmor/-/wikis/manpage_apparmor_parser.8>.
+
+- Load a profile into the kernel:
+
+`sudo apparmor_parser {{[-a|--add]}} {{profile_file}}`
+
+- Replace an existing profile:
+
+`sudo apparmor_parser {{[-r|--replace]}} {{profile_file}}`
+
+- Remove a profile from the kernel:
+
+`sudo apparmor_parser {{[-R|--remove]}} {{profile_name}}`
+
+- Load a profile in complain mode (logs violations but doesn't block):
+
+`sudo apparmor_parser {{[-C|--complain]}} {{[-r|--replace]}} {{path/to/profile}}`
+
+- Preprocess a profile (resolve includes) and write binary cache to file:
+
+`apparmor_parser {{[-p|--preprocess]}} {{[-o|--ofile]}} {{path/to/output.cache}} {{[-Q|--skip-kernel-load]}} {{path/to/profile}}`
+
+- Preprocess and print binary profile to stdout without loading:
+
+`apparmor_parser {{[-p|--preprocess]}} {{[-S|--stdout]}} {{[-Q|--skip-kernel-load]}} {{path/to/profile}}`
+
+- Replace a profile while skipping cache reads:
+
+`sudo apparmor_parser {{[-r|--replace]}} {{[-T|--skip-read-cache]}} {{path/to/profile}}`
+
+- Replace a profile, rebuild cache, and write it to a custom directory:
+
+`sudo apparmor_parser {{[-r|--replace]}} {{[-W|--write-cache]}} {{[-L|--cache-loc]}} {{/path/to/cache}} {{path/to/profile}}`