Enforcing Application Security with AppArmor

Overview

AppArmor is a Linux kernel security module for defining per-application security profiles that restrict the system resources an application can access. This effectively sandboxes the application: it cannot reach resources outside its profile, so a misbehaving or compromised program cannot harm the rest of the system. Through policies, you grant only the access an application requires.

For a confined application, AppArmor denies any access its profile does not explicitly allow. This default-deny model provides a more secure environment, but it does pose a challenge for new applications, which need a profile before they can be granted access.

Note

AppArmor runs by default on eLxr 12 images.

For information on the AppArmor project, see AppArmor.net.

Use the instructions in this tutorial to familiarize yourself with the following:

  • check AppArmor enforcing status with kernel module parameters and the aa-status user space tool

  • set AppArmor enforcing mode

  • create an AppArmor profile to manage application access

  • create and manage AppArmor rules for application access
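The status check from the first item above, written out as an added example (not part of the eLxr tutorial): it reads the kernel parameter file and parses `aa-status` output to flag the two enforcement gaps a defender cares about, profiles left in complain mode and processes that have a profile loaded but are running unconfined. It assumes the standard `aa-status` summary-line wording and takes file paths as parameters so it can run against a captured copy; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the eLxr tutorial): summarise AppArmor enforcement
# from the kernel parameter file and from captured aa-status output.

# Returns 0 when file $1 (normally /sys/module/apparmor/parameters/enabled)
# contains "Y", i.e. the kernel module is enabled.
apparmor_enabled() {
    [ -r "$1" ] && [ "$(tr -d '[:space:]' < "$1")" = "Y" ]
}

# Prints the leading count from the aa-status line in $1 matching $2 (0 if absent).
status_count() {
    awk -v pat="$2" '$0 ~ pat { print $1; found = 1 } END { if (!found) print 0 }' "$1"
}

# Complain-mode profiles only log violations; they do not block anything.
complain_profiles() { status_count "$1" "profiles are in complain mode"; }

# Processes whose profile is loaded but not applied (e.g. started before the
# profile was loaded) run without confinement despite the policy existing.
unconfined_with_profile() {
    status_count "$1" "processes are unconfined but have a profile defined"
}

# Verdict: 0 = enabled and fully enforcing, 1 = at least one gap found.
apparmor_report() {
    rc=0
    if apparmor_enabled "$1"; then echo "AppArmor: enabled in kernel"
    else echo "AppArmor: NOT enabled in kernel"; rc=1; fi
    c=$(complain_profiles "$2"); u=$(unconfined_with_profile "$2")
    [ "$c" -gt 0 ] && { echo "$c profile(s) in complain mode"; rc=1; }
    [ "$u" -gt 0 ] && { echo "$u process(es) unconfined despite a loaded profile"; rc=1; }
    return $rc
}

# Constructed sample inputs; on a live system read the real parameter file
# and pipe `aa-status` output into a file instead.
tmp=$(mktemp -d)
printf 'Y\n' > "$tmp/enabled"
cat > "$tmp/aa-status.txt" <<'EOF'
apparmor module is loaded.
4 profiles are loaded.
2 profiles are in enforce mode.
2 profiles are in complain mode.
3 processes have profiles defined.
2 processes are in enforce mode.
0 processes are in complain mode.
1 processes are unconfined but have a profile defined.
EOF
apparmor_report "$tmp/enabled" "$tmp/aa-status.txt" || echo "verdict: enforcement gaps found"
```

A process reported as unconfined with a profile defined is usually fixed by restarting it after the profile is loaded, not by editing the profile.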

You should have a working knowledge of the Linux command line and be familiar with file system semantics and general access requirements.

To continue this tutorial, go to Check AppArmor Status.