Secure Ubuntu
Desktop Training - Ubuntu

AppArmor can help protect your Ubuntu 8.10 system against many known attacks as well as attacks that are currently unknown. In other words, AppArmor can protect your system from attacks that have not been developed yet. How does it do this?

AppArmor attempts to protect processes on the server or desktop from security threats. It enforces limits on what processes can access on the system, attempting to restrict each process to only those resources that it requires to function. AppArmor not only defines the system resources a program can access, it also determines the privileges with which the program can access those resources. To protect applications you will need to set up a security profile for each application that you want to protect.
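A simplified model of how a profile's file rules decide access, added here as an illustration (it is not code from the original page or from AppArmor itself). The program /usr/local/bin/reportgen, its profile and the function names are constructed for the example; only file rules are modelled, while the real kernel matcher also handles capabilities, network rules and execute transitions.

```python
import re

# Constructed sample profile for a hypothetical program (not from the page).
# Permission letters: r = read, w = write, m = memory-map as executable.
PROFILE = """
/usr/local/bin/reportgen {
  /usr/local/bin/reportgen mr,
  /etc/reportgen/*.conf r,
  /var/lib/reportgen/** rw,
  /var/log/reportgen.log w,
  deny /var/lib/reportgen/keys/** w,
}
"""

RULE = re.compile(r"^(deny\s+)?(/\S*)\s+([a-zA-Z]+),$")

def glob_to_regex(glob):
    """AppArmor globbing: '**' crosses '/', '*' and '?' stay in one path component."""
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):
            out, i = out + ".*", i + 2
        elif glob[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif glob[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(glob[i]), i + 1
    return re.compile(out + r"\Z")

def parse_profile(text):
    """Return (allow, deny) lists of (path regex, permission set) file rules."""
    allow, deny = [], []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            rule = (glob_to_regex(m.group(2)), set(m.group(3)))
            (deny if m.group(1) else allow).append(rule)
    return allow, deny

def is_allowed(rules, path, perms):
    """Every requested permission must be granted and none denied; no match means denied."""
    allow, deny = rules
    wanted = set(perms)
    granted = set().union(*[p for rx, p in allow if rx.match(path)])
    denied = set().union(*[p for rx, p in deny if rx.match(path)])
    return wanted <= granted and not (wanted & denied)

RULES = parse_profile(PROFILE)
```

A path that no rule mentions, such as /etc/shadow, is refused without any explicit rule for it, which is how a profile limits the damage from a flaw nobody knew about when the profile was written.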

When you have many software applications on a system, you run the risk of hosting software flaws that you are not aware of. These software flaws provide avenues of access for attackers to compromise your system. Exploits that an attacker uses to crack a system on the same day that they are discovered are called zero-day exploits. AppArmor provides protection against these kinds of attacks by protecting against known and unknown vulnerabilities.

 


History of AppArmor

AppArmor's history is connected to the Linux Security Modules and the SELinux project that was developed by the National Security Agency. Both SELinux and AppArmor use these modules, which were developed with security in mind.

The purpose of SELinux is to provide an extensive level of access control that is implemented throughout the entire Linux system. The kernel modules and user-space configuration tools that are part of SELinux implement 3 separate types of Mandatory Access Control (type enforcement, role-based access and multi-level security).

Purpose of AppArmor

The general purpose is to provide additional security to your desktop or server running AppArmor. This is done by placing restrictions on the application in terms of what it can do and what resources it may access. AppArmor is application centric. In other words, AppArmor focuses on limiting the behavior of applications on an individual basis, whereas SELinux is a system-wide concept. AppArmor thinks in terms of guarding individual programs. The theory is that the application level is where the majority of security issues arise.


Copyright CyberMontana Inc. and BeginLinux.com
All rights reserved. Cannot be reproduced without written permission. Box 1262 Trout Creek, MT 59874