AppArmor is a Linux kernel security module that restricts programs' capabilities using per-program profiles.

AppArmor uses the Linux Security Modules (LSM) kernel interface and does not apply to every running application on the system, only to those for which a profile has been created and assigned.

It may be required to install an additional package to be able to manage the profiles:

sudo apt install apparmor-profiles -y

The profiles can allow or deny capabilities such as network access, or reading, writing and executing files on matching paths. Check which profiles are loaded and in which mode (complain or enforce) with either of:

sudo apparmor_status
sudo aa-status

The profiles are located at:

  • ls /etc/apparmor.d/*
  • ls /etc/apparmor.d/disable/*

Create a new profile for an application/script:

sudo aa-genprof /usr/sbin/httpd

Set a profile to complain mode (violations are only logged) or enforce mode (violations are blocked and logged):

sudo aa-complain /usr/sbin/httpd
sudo aa-enforce /usr/sbin/httpd

Load or reload an altered policy. Profile files live in /etc/apparmor.d/ and are conventionally named after the executable's path with the slashes turned into dots (for /usr/sbin/httpd the file is usr.sbin.httpd); `-r` replaces an already loaded profile:

sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.httpd

Read the audit logs and interactively ask whether to permit each of the detected forbidden actions, updating the profile accordingly:

sudo aa-logprof
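The create / complain / load / enforce cycle above, as an added example that is not part of the original page: a hand-written profile (rather than one produced by aa-genprof) for a hypothetical backup script. The script path /usr/local/bin/backup.sh, its config file /etc/backup.conf and the output directory /var/backups/ are assumptions for illustration; the profile file name follows AppArmor's usual path-to-dots convention, and the install step only makes sense on a host with the AppArmor tools and root privileges.

```shell
#!/bin/sh
# Added example: least-privilege AppArmor profile for a hypothetical shell
# script. /usr/local/bin/backup.sh, /etc/backup.conf and /var/backups/ are
# constructed paths, not taken from the original page.

# Convert an executable path to the conventional profile file name
# (/usr/local/bin/backup.sh -> usr.local.bin.backup.sh).
profile_name() {
    printf '%s\n' "$1" | sed 's#^/##; s#/#.#g'
}

# Render the profile: the script may read its own file and config, write
# only below /var/backups/, execute /bin/sh under the same profile (ix),
# and is explicitly denied all network access.
gen_profile() {
    bin="$1"
    cat <<EOF
#include <tunables/global>

${bin} {
  #include <abstractions/base>

  # the script itself and its interpreter
  ${bin} r,
  /bin/sh ix,

  # configuration is read-only
  /etc/backup.conf r,

  # the output directory is the only writable location
  /var/backups/ r,
  /var/backups/** rw,

  # a backup job never needs the network; log any attempt
  audit deny network,
}
EOF
}

# Install the profile, load it with apparmor_parser -r and start in complain
# mode. Switch to enforce (aa-enforce "$bin") only after aa-logprof shows no
# unexpected denials. Requires root and the apparmor-utils tools.
install_profile() {
    bin="$1"
    name=$(profile_name "$bin")
    gen_profile "$bin" > "/etc/apparmor.d/$name"
    apparmor_parser -r "/etc/apparmor.d/$name"
    aa-complain "$bin"
}

# Running the file directly just prints the generated profile for review.
gen_profile "${1:-/usr/local/bin/backup.sh}"
```

The `audit deny network,` line is the part worth copying: a default-deny profile already blocks the network, but the explicit audit rule turns every attempt into a log entry that aa-logprof and your SIEM can see, which is how you notice a compromised script trying to phone home while it is still in complain mode.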

Merge profiles (for example a locally edited profile with an updated version of it):

sudo aa-mergeprof

Force stop and remove AppArmor (legacy SysV init commands; on systemd hosts the equivalent is managed through systemctl):

sudo invoke-rc.d apparmor kill
sudo update-rc.d -f apparmor remove