Application Armor is a Linux kernel security module for restricting programs’ capabilities by using per-program profiles.
AppArmor uses the Linux Security Modules (LSM) kernel interface. It does not apply to every application running on the system, only to those for which a profile has been created and assigned.
An additional package may need to be installed to manage the profiles:
sudo apt install apparmor-profiles -y
The profiles can allow or deny capabilities such as network access and reading, writing, or executing files on matching paths.
sudo apparmor_status
sudo aa-status
The profiles are located at:
- ls /etc/apparmor.d/*
- ls /etc/apparmor.d/disable/*
Create a new profile for an application/script:
sudo aa-genprof /usr/sbin/httpd
Set a profile to complain or enforce mode:
sudo aa-complain /usr/sbin/httpd
sudo aa-enforce /usr/sbin/httpd
Load/reload an altered policy.
Read the logs and ask the user whether to permit some of the detected forbidden actions.
Merge the policies.
Force stopping/removing AppArmor.
sudo invoke-rc.d apparmor kill
sudo update-rc.d -f apparmor remove
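
For the log-reading step above, an added example (not from the original page) that summarizes AppArmor audit events per profile before any rule is permitted. The log lines are constructed samples, and `sample_log` and `aa_summary` are names chosen for this example.

```shell
#!/bin/sh
# Summarize AppArmor audit events as: count verdict profile operation name denied_mask
# apparmor="DENIED" is logged in enforce mode, apparmor="ALLOWED" in complain mode.

# Constructed sample audit lines (not taken from a real system).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:210): apparmor="ALLOWED" operation="open" profile="/usr/sbin/httpd" name="/var/www/html/index.html" pid=4101 comm="httpd" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=AVC msg=audit(1700000010.202:211): apparmor="DENIED" operation="open" profile="/usr/sbin/httpd" name="/etc/shadow" pid=4102 comm="httpd" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1700000010.202:211): arch=c000003e syscall=257 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1700000020.303:212): apparmor="DENIED" operation="open" profile="/usr/sbin/httpd" name="/etc/shadow" pid=4103 comm="httpd" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=AVC msg=audit(1700000030.404:213): apparmor="DENIED" operation="exec" profile="/usr/sbin/httpd" name="/bin/dash" pid=4104 comm="httpd" requested_mask="x" denied_mask="x" fsuid=33 ouid=0
type=AVC msg=audit(1700000040.505:214): apparmor="DENIED" operation="create" profile="/usr/sbin/httpd" pid=4105 comm="httpd" family="inet" sock_type="raw" protocol=1 requested_mask="create" denied_mask="create"
EOF
}

# Reads audit lines on stdin and prints one line per distinct event with its count.
aa_summary() {
  awk '
    # Return the value of key="value"; "-" when the key is absent
    # (network events have no name; hex-encoded unquoted names also show as "-").
    function kv(key,    s) {
      if (!match($0, " " key "=\"[^\"]*\"")) return "-"
      s = substr($0, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
      return s
    }
    /apparmor="(DENIED|ALLOWED)"/ {
      n[kv("apparmor") " " kv("profile") " " kv("operation") " " kv("name") " " kv("denied_mask")]++
    }
    END { for (k in n) print n[k], k }
  ' | LC_ALL=C sort -k2
}

sample_log | aa_summary
```

On a real host, pipe the audit log or the kernel log into `aa_summary` instead of `sample_log`; which of the two holds the events depends on whether auditd is installed.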