What is apparmor?

1

Linux Apparmor Security Tool

Controlling Resources with Apparmor

What is AppArmor? AppArmor is a security feature that can be found on many Linux distributions. SLES (SUSE Linux Enterprise Server), openSUSE and Ubuntu are some of the distributions that ship with this product. Apparmor is a kernel enhancement that aims to confine programs to a limited set of resources. What makes Apparmor different to other security tools is that it binds access control attributes to programs rather than to individual users.

Apparmor confinement is provided by special profiles which are loaded into the kernel. These profiles can run in two modes: "complain mode" or "enforce mode".


Complain Mode

Profiles loaded in this manner will not enforce policy. In this mode policy violations will be recorded. This mode is useful for developing profiles. The management of profiles in "complain mode" is carried out with the utilities "aa-complain" and...

2

What is AppArmor?

AppArmor is MAC style security extension for the Linux kernel. It implements a task centered policy, with task "profiles" being created and loaded from user space. Tasks on the system that do not have a profile defined for them run in an unconfined state which is equivalent to standard Linux DAC permissions.

How to enable/disable

set CONFIG_SECURITY_APPARMOR=y

If AppArmor should be selected as the default security module then set CONFIG_DEFAULT_SECURITY="apparmor" and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1

Build the kernel

If AppArmor is not the default security module it can be enabled by passing security=apparmor on the kernel's command line.

If AppArmor is the default security module it can be disabled by passing apparmor=0, security=XXXX (where XXX is valid security module), on the kernel's command line

For AppArmor to enforce any restrictions beyond standard Linux DAC permissions policy must be loaded into the kernel from user space (see...

3

Apparmor - How to use it

By Rainer Wichmann rainer@nullla-samhna.de (last update: Apr 29, 2013)

What is Apparmor

Apparmor is a Linux security mechanism that restricts what a process can do. E.g. if you are browsing the web using firefox, and firefox is restricted by an apparmor profile, then the firefox process can only do things that are allowed by this profile. As an example, one of these restrictions might be that within the user's home directory, firefox can only write to ~/Downloads (for downloaded files) and to the ~/.firefox directory tree (configuration data, cache, etc.). In reality, at least the Ubuntu apparmor profile for firefox allows much more, and its usefulness seems a little questionable.

An important property of apparmor is that apparmor profiles restrict processes based on the path of the executable. Thus apparmor does not provide any protection against a rogue local user who may copy an executable to another location and run...

4

Introduction

AppArmor is a Mandatory Access Control (MAC) system which is a kernel (LSM) enhancement to confine programs to a limited set of resources. AppArmor's security model is to bind access control attributes to programs rather than to users. AppArmor confinement is provided via profiles loaded into the kernel, typically on boot. AppArmor profiles can be in one of two modes: enforcement and complain. Profiles loaded in enforcement mode will result in enforcement of the policy defined in the profile as well as reporting policy violation attempts (either via syslog or auditd). Profiles in complain mode will not enforce policy but instead report policy violation attempts.

AppArmor differs from some other MAC systems on Linux: it is path-based, it allows mixing of enforcement and complain mode profiles, it uses include files to ease development, and it has a far lower barrier to entry than other popular MAC systems.

AppArmor is an established technology...

5

What is AppArmor?

AppArmor is MAC style security extension for the Linux kernel. It implements a task centered policy, with task “profiles” being created and loaded from user space. Tasks on the system that do not have a profile defined for them run in an unconfined state which is equivalent to standard Linux DAC permissions.

How to enable/disable

set CONFIG_SECURITY_APPARMOR=y

If AppArmor should be selected as the default security module then set:

CONFIG_DEFAULT_SECURITY="apparmor"
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1

Build the kernel

If AppArmor is not the default security module it can be enabled by passing security=apparmor on the kernel’s command line.

If AppArmor is the default security module it can be disabled by passing apparmor=0, security=XXXX (where XXXX is valid security module), on the kernel’s command line.

For AppArmor to enforce any restrictions beyond standard Linux DAC permissions policy must be...

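The enable/disable rules quoted above can be checked against a given kernel build config and command line. The following shell sketch is an added example, not part of any of the quoted sources: the function names `cfg_value` and `apparmor_boot_state` and the sample configs are constructed here, and it models only the options named above (plus the assumption that `apparmor=1` on the command line turns the boot parameter back on).

```shell
#!/bin/sh
# Added example: predict whether AppArmor is active at boot from a kernel
# build config and a kernel command line. Inputs are passed as strings so
# the logic can be tested offline; on a real host they would come from the
# kernel's build config file and /proc/cmdline.

# cfg_value CONFIG_TEXT KEY -> value of KEY with quotes stripped, or empty
cfg_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | tr -d '"' | tail -n 1
}

# apparmor_boot_state CONFIG_TEXT CMDLINE -> not-built | enabled | disabled
apparmor_boot_state() {
    config=$1
    cmdline=$2

    # Without CONFIG_SECURITY_APPARMOR=y nothing on the command line helps.
    if [ "$(cfg_value "$config" CONFIG_SECURITY_APPARMOR)" != y ]; then
        echo not-built
        return 0
    fi

    # Build-time defaults: chosen security module and boot parameter value.
    chosen=$(cfg_value "$config" CONFIG_DEFAULT_SECURITY)
    bootparam=$(cfg_value "$config" CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE)

    # security= and apparmor= on the command line override those defaults.
    for arg in $cmdline; do
        case $arg in
            security=*) chosen=${arg#security=} ;;
            apparmor=*) bootparam=${arg#apparmor=} ;;
        esac
    done

    if [ "$chosen" = apparmor ] && [ "$bootparam" = 1 ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Constructed sample configs (not taken from a real system).
DEFAULT_CFG='CONFIG_SECURITY_APPARMOR=y
CONFIG_DEFAULT_SECURITY="apparmor"
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1'
OTHER_CFG='CONFIG_SECURITY_APPARMOR=y
CONFIG_DEFAULT_SECURITY="selinux"
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1'

apparmor_boot_state "$DEFAULT_CFG" "root=/dev/sda1 quiet apparmor=0"
```

Remember that "enabled" only means the module is active; as the text says, nothing beyond DAC is enforced until policy is loaded from user space.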
6

"The new application, GatorSafe, has all of the requested features at a fraction of the cost of the application the University was previously using... I can't think of any other company that has been as easy and beneficial to work with."

Edward Posey

"SafeCampus, UND's new mobile safety app from AppArmor, offers the most comprehensive and decisive menu of functions along with some groundbreaking features such as location tracking with Mobile Bluelight and Friend Walk. This gives our campus community members instant access and assistance capabilities so we can keep our campus safe."

Eric Plummer

"The customer service has been excellent and has made customization to fit our needs and our unique College brand amazingly easy. The app itself offers so many safety and security features that enhance our security function within our 5 campuses and 2 centers. It has received raving reviews...

7

AppArmor is a security tool and uses name-based mandatory access controls to restrict or confine system access by "at risk" applications. "At risk" applications generally include both server and client applications with network access. In this post I will use Firefox as an example.

The goal is to apply application specific rules or "profiles" to "confine" Firefox, or any other application, to only the directories, files, and posix 1003.1e draft capabilities needed for normal functioning. In the event Firefox is compromised, Apparmor's confinement helps to prevent the compromising of the system as a whole.

AppArmor is a powerful program and, when an application is confined, AppArmor can restrict the activity of even the root user. AppArmor was designed as an alternative to SELinux and is designed to be easier to use.

AppArmor is configured by writing a profile for an application. Profiles are written one application at a time and typically targeted at...

8

Welcome to the AppArmor security project wiki, the wiki for users and developers of the AppArmor security project.

Description

AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies completely define what system resources individual applications can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.


More details about AppArmor can be found in the documentation

Distributions and Ports

Distributions that include AppArmor:

Any derivatives of these...

9

What is AppArmor?

AppArmor is a mandatory access control (MAC) like security system for Linux. It is designed to work with standard Unix discretionary access control (DAC) permissions while being easy to use and deploy, by allowing an admin to confine only specific applications.

What is mandatory access control (MAC)?

Mandatory access control is a security method where what is allowed is explicitly defined by policy. A user or program can not do any more than is allowed by the policy confining it.

What is DAC?

DAC stands for discretionary access control and is the standard Unix/Linux permission system consisting of a subject (i.e. owner, group and other) and its access permission (i.e. read, write, execute, setuid, setgid and sticky).

What is Default Deny (White listing)?

Default deny describes the default action applied to a request that is not listed in policy, in this case deny. Policy that is based on default deny provides a...
