You only need to protect the programs that are exposed to attacks in your particular setup, so only use profiles for those applications you really run. Use the following list to determine the most likely candidates:
To find out which processes are currently running with open network ports and might need a profile to confine them, run aa-unconfined as root.
Example 18-1 Output of aa-unconfined
19848 /usr/sbin/cupsd not confined 19887 /usr/sbin/sshd not confined 19947 /usr/lib/postfix/master not confined 29205 /usr/sbin/sshd confined by '/usr/sbin/sshd (enforce)'
Each of the processes in the above example labeled not confined might need a custom profile to confine it. Those labeled confined by are already protected by AppArmor.
HINT: For More Information
For more information about choosing the the right applications to profile, refer to Section 19.2, Determining Programs to Immunize.