AppArmor is a Linux kernel security module that restricts program capabilities using per-program profiles.
AppArmor uses the Linux Security Modules (LSM) kernel interface and does not apply to all running applications on the system, only those with a profile created and assigned.
An additional package may be required to manage profiles:
sudo apt install apparmor-profiles -y
Profiles can allow or deny capabilities such as network access, and reading, writing, or executing files on matching paths.
sudo apparmor_status sudo aa-status
Profiles are located at:
- ls /etc/apparmor.d/*
- ls /etc/apparmor.d/disable/*
Create a new profile for an application or script:
sudo aa-genprof /usr/sbin/httpd
Set a profile to complain or enforce mode:
sudo aa-complain /usr/sbin/httpd sudo aa-enforce /usr/sbin/httpd
Load or reload an updated policy:
sudo apparmor_parser
Read the logs and prompt the user to permit any detected forbidden actions:
sudo aa-logprof
Merge policies:
sudo aa-mergeprof
Force stop and remove AppArmor:
sudo invoke-rc.d apparmor kill sudo update-rc.d -f apparmor remove