How To: Remove AppArmor From Ubuntu

In today’s article, we’re going to learn how to remove AppArmor from Ubuntu. This will work for other distros, like Debian. It’s actually not a very difficult task to remove AppArmor from Ubuntu, but it’s not something you necessarily want to do. Just because you can, doesn’t mean you should…

As many of you know, I write many of these articles based on the notes I’ve taken over the years. I’m a little reluctant to write this one, because removing AppArmor is probably not the best of choices.

AppArmor is similar to the various jails and application isolation techniques. It’s a security tool that restricts applications to a constrained set of resources. If the application is then compromised, it only has access to that set of resources and not to the whole system.

In other words, unless you know what you’re doing, you almost certainly don’t want to remove AppArmor from Ubuntu. In fact, if you don’t know what you’re doing then doing this is almost certainly a ‘not-bright’ choice.

If you’re going to remove AppArmor, you should consider replacing it with something else. SELinux is an option that’s similar, though I suppose you could use something like Firejail and be prepared to craft your own application profiles.

Again, removing AppArmor from Ubuntu (or whatever distro you’re using that has it) is probably not a good idea. I include the article because the information is already out there and because some folks may just decide to operate their system without such protections. This is Linux, you have the freedom to make bad choices. This isn’t even the first time I’ve shown you how to make bad choices.

Remove AppArmor From Ubuntu:

Like oh so many of these articles, you’re gonna need an open terminal. Just press CTRL + ALT + T and your default terminal should open. (I say that a whole lot on this site.)

We should first check to ensure AppArmor exists and is running. To do so, enter the following command:

What you’re looking for is several lines into the output. You’re looking for ‘apparmor module is loaded‘. If you see that, AppArmor both exists and is running. So, the next step in removing AppArmor is to stop the service. You do that with:

In case AppArmor is somehow installed again, we’ll make sure that it won’t start at boot by disabling the service entirely. That seems like a good idea.

Finally, we nuke AppArmor from existence with a purge command:

And that should do it. You probably want to reboot, just to make sure there are no tendrils sticking around – but stopping the service first should mean you don’t need to. Either way, you have now removed AppArmor from your system – assuming you followed the directions.

Closure:

Again, and I can’t stress this enough, don’t do this unless you know what you’re doing and unless you have something to replace AppArmor with. It’s really a bad idea and you’ll gain very little. I wouldn’t even do this with a system air-gapped from the network, unless I had a very good reason to do so.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Smash a button!
[Total: 2 Average: 5]

How To: Completely Remove Software In Ubuntu

Today’s article is going to show you how to completely remove software in Ubuntu. This will also work for other distros that use apt as their package manager. It’s a pretty handy tool to have in your toollbox, because we’ll not only be removing software, we’ll also be removing any config files associated with said software. It’s not all that difficult, and anyone should be able to understand this article.

When you ‘remove’ software, be it with the GUI or with the terminal, you’re actually only removing the software itself. You’re often leaving behind the config files (if there are any) and the ‘remove’ may leave dependencies still installed. The reasoning for leaving config files behind is presumably so that you can reinstall the software and have the same configurations you had earlier in time.

As you can guess, that’s not always a good thing… It may well be those configuration files that caused some sort of error in the first place. It may well be those config files that prompted you to remove the software in the first place. Erasing and starting anew might be your only realistic path forward, especially if reverting to backups did not work.

So… That’s why we have this article. This article is going to teach you how to completely remove software in Ubuntu. If you want, you can still try removing software and reinstalling (as a troubleshooting step), and this then becomes one of your later troubleshooting strategies. Read on, and you’ll see…

Completely Remove Software In Ubuntu:

This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

When you remove software with the terminal, you probably do it like so:

That’s great. It removes the application and may even remove some of the dependencies it pulled in when you installed it. This is not necessarily a bad thing – but we want to completely remove software in Ubuntu, and this is how you do it.

As I said in the preamble, using the above command will likely leave your configuration files behind (if there are any) and some dependencies. With the ‘purge’ command, you’ll get rid of those configuration files. To do this, you’ll want to:

While that’s great and all, when you installed your application you may well have installed some other applications (dependencies), that is some applications that the software depended on. Those too may have config files related with them and to really ensure you’ve completely removed the software, you’ll want to do an autoremove. 

If you’re unfamiliar with the autoremove function of apt, the man page has it summed up nicely:

autoremove is used to remove packages that were automatically installed to satisfy dependencies for other packages and are now no longer needed as dependencies changed or the package(s) needing them were removed in the meantime.

You don’t specify an application with the ‘autoremove’ command,  you just run:

That should do it, actually. The last command should remove any dependencies that were installed and not removed automatically when you purged the software with the commands above.

Closure:

And there you have it! It’s another article! I still haven’t missed a day, and I’m well beyond my initial obligations. This time, the article tells you how to completely remove software in Ubuntu – and it’ll work in any distro that uses apt. It’s a pretty simple thing, but it’s worth knowing. Eventually, it’s bound to come in handy.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Smash a button!
[Total: 2 Average: 5]

Prevent Application Updates With ‘YUM-VERSIONLOCK’

I recently wrote a similar article, illustrating how you can use ‘apt-mark’ to prevent application updates. While that was handy, it only applied to those who use APT as their package manager. It offered nothing of value to those who use YUM.

This article will explain how you can prevent application updates with ‘yum-versionlock’. You will learn how you can temporarily prevent application updates when you have no choice but to.

In the previous article, I explained that you should always use the most up-to-date software that you can, at least if your system is connected to the public internet. Software updates provide security fixes, not just bug fixes.

Not updating means you’re vulnerable and your vulnerabilities may impact other users. For example, your computer may become a part of a botnet, a spam relay, or even be used as a command and control device for those things. As a global citizen of the ‘net, you’re obligated to do what you can to minimize harm.

So, it is possible to prevent application updates, but you really should only do so when it’s absolutely necessary. In an ideal world, you’d be able to always use the updated version, but we don’t live in that world. We live in the real world, where we have things like compliance and compatibility issues. 

YUM, what is it? YUM stands for Yellowdog Updater, Modified. It’s a package management utility for RPM based distros. You’ll find YUM in distros like RHEL, Fedora, and even OpenSUSE. It’s fairly widely used, though many of the RPM-based distros are more prominent in the server space than they are in the desktop space.

These days there’s actually DNF (which stands for Dandified YUM – don’t blame me, I don’t name these things) but that’s not important today. Today, we’ll be using ‘YUM-VERSIONLOCK‘ to prevent application updates.

Prevent Updates with ‘yum-versionlock’

Unlike ‘apt-mark’, you’ll need to install something in order to do this. It should also be mentioned that there are other ways to accomplish this, but this is the easiest way to prevent application updates. Using versionlock is the most straightforward way of accomplishing this.

First, you’re gonna need to crack open your terminal. You can do that by using your keyboard. Just press CTRL + ALT + T

Once your terminal is open, you’ll need to install ‘yum-versionlock’. You can try this first:

If that gives you an error, I can’t figure out where the name changed, then you can most likely install it with:

Once you have it installed, you can check the man page to see how you use it. Even if you installed it with the second command, the man page is still found at:

The one-liner quite accurately defines versionlock as:

yum-versionlock – Version lock rpm packages

Anyhow, to use it to hold a package at its current version, you simply use:

NOTE: The command supports wildcards. You can use an asterisk with this command. The command will give you feedback. You can also use ‘add’, but it’s redundant.

If you want to remove the lock, which you should do as soon as realistically possible, then the command is fairly evident. It’s just:

If you, like me, don’t always keep the best notes and don’t have the greatest memory, then you can list the locked packages with this command:

There’s no need for elevated permissions with that command, but it will take a little while for it to complete. It will output any locked packages and you can unlock them individually. Again, you can use wildcards in this command.

However, you can remove all the locks with just one command:

As you might expect, that removes all the locks and your system will resume updating normally. You should not keep software locked to one version for long. Though you may be using a LTS-type distro, only getting minor point release upgrades, you are still getting security updates. Keeping your system secure makes you a good netizen. 

Closure:

And there you have it. Another article in the books, this one explaining how to stop updates for specific applications. Thanks for reading and feel free, nay encouraged, to leave feedback. If you have any ideas for articles, feel free to share them. You can also contribute by writing your own article. I’ll even edit it up for you!

Don’t forget that there’s a newsletter (we never spam or share your address with anyone, it’s all in-house) and you can even donate. I’d kinda like the site to at least pay for itself, simply out of principle. If not, there are ads you can unblock! Even if you do none of those things, there are good odds that I’ll keep this site up, running, and interesting.

Smash a button!
[Total: 0 Average: 0]

Prevent Application Updates With ‘APT-MARK’

While unwise, there are times when you need to prevent application updates. You can do this with ‘apt-mark’ and this article will explain how. Obviously, this method is only effective if you use a Linux distro that has an APT-based package manager.

For the most part, you should always keep your software updated. However, that’s a rule for the Ideal World®. For the rest of us, those of us that live in the Real World®, you’ll almost certainly run into an eventuality that requires you to keep an existing, specific version of software.

While entirely stupid and irresponsible, I kept a version of Thunderbird past its due date because the update simply ruined my existing installation. I only kept that outdated version long enough to make the leap to a more recent distro version. The tool I used to prevent application updates was apt-mark.

You will have your own reasons, from compliance to stability to functionality, for keeping the same version of your installed software. You should only use this sparingly, only as necessary, when there’s simply no other solution. This should also be a temporary measure. You should always try to use the upgraded software because there are (possibly) security implications if you don’t.

A little about APT

While we’ll technically be using ‘apt-mark‘, it should be mentioned that APT stands for Advanced Package Tool. It’s the default package manager that is used in many distros, mostly Debian and those of Debian descent. So, you’ll see it in everything from Ubuntu to Linux Mint. 

In the desktop scene, I suspect it’d be the most common of all package management tools. Even if you use a different distro with a different package manager, you should probably have a basic familiarity.

Using ‘apt-mark’ hold and unhold

The tool we’ll be using is ‘apt-mark’, and the man page helpfully defines it as:

apt-mark – show, set and unset various settings for a package

We’ll only be concentrating on a couple of commands, those necessary when you want to prevent application updates, plus one extra command that will help you keep track of the two commands we’ll be focusing on.

The first of those two commands is ‘hold’. This command is used when you want to ‘hold’ a package at its current version, preventing upgrades. Remember, this should really be used only when there’s no other solution, as many upgrades fix security issues as well as bugs. It’s actually a fairly simple command.

When you enter this command, you’ll get a confirmation message. It will tell you that the application is now being held. It will remain held until you ‘unhold’ it. So, it’s a set-it-and-forget-it type of deal, though you shouldn’t really forget it. You should undo it as soon as you realistically can.

To reverse the restriction, resuming your normal updates, you simply need to ‘unhold’ it. The command is fairly obvious, and it looks like this:

That will free the hold on the package and tell you that the hold has been lifted. The package should then upgrade as necessary and as issued. If new upgrades show up in the repositories, it should function as normal and upgrade like it did prior to the hold.

If you are like me, you may well forget that you’ve held packages back. The package names are often long and nonsensical, so they’re easy to forget. In the heat of the moment, you may have forgotten to make a note of the package(s) you’ve held.

Don’t worry, ‘apt-mark’ has you covered! When you want to know what packages are being held, just run this command:

Note the lack of ‘sudo’ in that command. You don’t need sudo because you don’t need elevated permissions to list held packages. You only need elevated permission if you want to change something. As that command only lists them, you can run it as a normal user.

The apt-mark command has a ton of other uses, this is not an all-inclusive article. You can always see the man page for more help and the rest of the features. This article is only covering the ‘hold’ and ‘unhold’ functions. Maybe there will be another article covering other aspects, but this limited in scope – preventing application updates.

Like always, thanks for reading and I appreciate the feedback! Don’t forget that the site has ads enabled and that you can donate. So, if this article helped you learn how to prevent application updates then show some love! Otherwise, sign up for the newsletter or share this article with your friends on social media. Thanks!

 

Smash a button!
[Total: 2 Average: 5]
Linux Tips
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.