AppArmor on Ubuntu Systems

As security issues continue to rise, new security strategies are imperative. This is most often true for servers and networked computers because of the implications for a business. Two options have been developed that are variations of mandatory access control: AppArmor and SELinux. AppArmor is a Linux Security Module (LSM) that uses name-based mandatory access controls to protect the operating system. AppArmor is designed to protect individual applications, such as Apache, by restricting each application to a prescribed set of accesses that reflect its normal usage. SELinux, or Security-Enhanced Linux, was developed by the US National Security Agency to address the increased need for security on servers and for managing the daemons that run on them. SELinux integrates its security architecture into the kernel through the Linux Security Modules (LSM) framework.

Ubuntu has chosen AppArmor as the security vehicle for its servers. Currently, SELinux is not fully functional on Ubuntu, even for an administrator who wants to use it.

When a multi-user system exists, the environment must determine the exact rights of each account on the system and, in addition, protect the integrity of the system. This process is called access control. The basic Linux system uses discretionary access control, or DAC. Under DAC each file, directory, program, and so on is labeled to indicate which users and groups have read, write and execute rights to that object. This method has worked well for a long time. User discretion is the basic aspect of this control mechanism: in a discretionary mechanism, programs run with the rights of the user operating the program, which confines what a program can do to what its user is allowed to do. However, some programs are installed setuid root, which grants root rights to every user who runs the program. This is a serious danger if the program has a flaw in its code, or if an attacker targets the whole system, because root rights gained through one of these programs extend to everything. For example, if an attacker gained root access through BIND, they may gain root access to the entire system.

To deal with the problems of discretionary access control, an alternative was developed called mandatory access control, or MAC. With this method users no longer control access; instead, access is governed by security policies. Security policies define the rights of specific users and programs within the system. MAC bases the security of objects not only on user rights but also on any other information that may affect the security of the system as a whole. MAC follows the principle of least privilege, which allows programs only the very minimum they need to function. The result is that, since an all-powerful root superuser is not relied on, a compromise does not provide access to the whole system. The problem with these systems is that they are difficult to manage, and their main application has been military systems.

The third type of system available is the MAC/DAC combination, which provides some of the features of each. One modified version of MAC exists in AppArmor, which is used by Ubuntu and SUSE. AppArmor supplements discretionary access control with MAC options.

AppArmor attempts to protect processes on the server from security threats by enforcing limits on what each process can access on the system. It restricts a process to only those resources the process requires in order to function. AppArmor not only defines the system resources a program can access, it also determines the privileges with which the program can access those resources. To protect applications you will need to set up a security profile for each application that you want to protect.
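To make the idea of a name-based profile concrete, here is an added illustration that is not part of the original article and not AppArmor's own code: a small Python evaluator that reads a constructed profile in AppArmor's file-rule syntax and answers whether a given path access would be permitted. The program `/usr/sbin/examplehttpd`, its paths, and the helpers `parse_profile`, `glob_to_regex`, `check_access` and `audit` are all assumptions of mine. Only a subset of the real profile language is modelled (absolute file paths with `*` and `**` globs, a `deny` prefix, and the permission letters r, w, x, m, k); the two behaviours that matter for the text are kept, namely that anything the profile does not name is refused, and that a `deny` rule wins over an allow rule.

```python
import re

# Constructed sample profile for a hypothetical daemon (not a real Ubuntu profile).
# Anything not granted below is refused; 'deny' rules win over allow rules.
SAMPLE_PROFILE = """
/usr/sbin/examplehttpd {
  /etc/examplehttpd/** r,
  /var/www/** r,
  /var/log/examplehttpd/*.log w,
  /run/examplehttpd.pid rw,
  /usr/lib/*.so* mr,
  deny /etc/shadow r,
  deny /var/www/** w,
}
"""

# File rule: optional 'deny', an absolute path pattern, permission letters, trailing comma.
RULE_RE = re.compile(r"^(?:(deny)\s+)?(/\S+)\s+([rwxmk]+),$")


def parse_profile(text):
    """Parse the modelled subset. Returns (program, allow_rules, deny_rules);
    each rule is (path_pattern, set_of_mode_letters)."""
    program, allow, deny = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "}":
            continue
        if line.endswith("{"):            # profile header names the confined program
            program = line[:-1].strip()
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rule = (m.group(2), set(m.group(3)))
        (deny if m.group(1) else allow).append(rule)
    if program is None:
        raise ValueError("profile has no program header")
    return program, allow, deny


def glob_to_regex(pattern):
    """AppArmor globbing: '**' may span '/', '*' may not; everything else is literal."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*")
            i += 2
        elif pattern[i] == "*":
            parts.append("[^/]*")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


def check_access(profile, path, mode):
    """True only if every requested mode letter is granted for `path`.
    Matching allow rules are unioned, matching deny rules then strip their
    letters, and a path that no rule names gets nothing (default deny)."""
    _, allow, deny = profile
    granted = set()
    for pattern, modes in allow:
        if glob_to_regex(pattern).match(path):
            granted |= modes
    for pattern, modes in deny:
        if glob_to_regex(pattern).match(path):
            granted -= modes
    return set(mode) <= granted


def audit(profile, requests):
    """Evaluate (path, mode) pairs; returns [(path, mode, allowed), ...]."""
    return [(p, m, check_access(profile, p, m)) for p, m in requests]


if __name__ == "__main__":
    prof = parse_profile(SAMPLE_PROFILE)
    for path, mode, ok in audit(prof, [
        ("/var/www/index.html", "r"),               # allowed: content is readable
        ("/var/www/index.html", "w"),               # refused: deny rule strips 'w'
        ("/var/log/examplehttpd/access.log", "w"),  # allowed by the *.log rule
        ("/var/log/examplehttpd/old/a.log", "w"),   # refused: '*' does not cross '/'
        ("/etc/shadow", "r"),                       # refused: explicit deny
        ("/home/alice/.ssh/id_rsa", "r"),           # refused: no rule names it
    ]):
        verdict = "ALLOW" if ok else "DENY"
        print(f"{verdict:5} {mode:2} {path}")
```

The last two refusals are the point of the model: a compromised `examplehttpd` that tries to read a user's SSH key is stopped not because anyone wrote a rule about SSH keys, but because the profile never granted that path at all. Real profiles also carry capability, network and abstraction rules that this evaluator ignores.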

When you have many software applications on a system, you run the risk of hosting software flaws that you are not aware of. These flaws provide avenues for attackers to compromise your system. Exploits that attackers use to crack a system on the same day the flaw is discovered are called zero-day exploits. AppArmor provides protection against these kinds of attacks because a profile confines what the program can do regardless of whether the vulnerability being exploited is known or unknown.