Application Armor (AppArmor) is security software just like SELinux. It is currently maintained by Novell and available under Suse Linux enterprise server.
Why use AppArmor (or SELinux) mandatory access control?
Both of these provide a protection against zero-day security flaw. The security flaw allows an attacker to execute any code on server. If AppArmor or SELinux is enabled it will protect Linux applications (such as httpd/squid/ssjhd) from such code.
I found SELinux bit hard to manage and some time it breaks the system. These instructions seem quite easy to me. Christian Boltz explains how to use the YaST AppArmor modules or the command-line tools to secure your server using AppArmor.
From the article:
If you want to secure your server using AppArmor, you have to create and modify the profiles for all the applications you use. This can easily be done using the YaST AppArmor modules or the command-line tools.
The YaST modules are more or less self-explaining, but more for mouse users - and you should never have a mouse attached to your server ;-)
Therefore I'll explain the command-line tools a bit. I'll also explain some AppArmor basics when needed.
Also note that AppArmor packages exists for:
- Slackware Linux
- Debian Linux
- Ubuntu Linux etc.
PS: These tools are not silver bullet but provide little more isolation and makes crackers life littler harder :)TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!
- 30 Cool Open Source Software I Discovered in 2013
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop