Secure Suse Linux Server with AppArmor – Howto

Application Armor (AppArmor) is security software just like SELinux. It is currently maintained by Novell and available under Suse Linux enterprise server.

Why use AppArmor (or SELinux) mandatory access control?

Both of these provide a protection against zero-day security flaw. The security flaw allows an attacker to execute any code on server. If AppArmor or SELinux is enabled it will protect Linux applications (such as httpd/squid/ssjhd) from such code.

I found SELinux bit hard to manage and some time it breaks the system. These instructions seem quite easy to me. Christian Boltz explains how to use the YaST AppArmor modules or the command-line tools to secure your server using AppArmor.

From the article:
If you want to secure your server using AppArmor, you have to create and modify the profiles for all the applications you use. This can easily be done using the YaST AppArmor modules or the command-line tools.

The YaST modules are more or less self-explaining, but more for mouse users – and you should never have a mouse attached to your server 😉

Therefore I’ll explain the command-line tools a bit. I’ll also explain some AppArmor basics when needed.

Securing Your Server With AppArmor

Also note that AppArmor packages exists for:

  1. Slackware Linux
  2. Debian Linux
  3. Ubuntu Linux etc.

PS: These tools are not silver bullet but provide little more isolation and makes crackers life littler harder 🙂

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 0 comments... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum