Lesson 13

Date: 7/3/2017
Application security and Intrusion detection
Linux System Administration


AppArmor on Ubuntu

  • AppArmor is a kernel module that controls access to files and directories by an application in accordance with an assigned security profile.
    The profiles for each 'confined' application reside in directory /etc/apparmor.d

  • AppArmor profiles have two modes of execution:
    A. Complaining/Learning: profile violations are permitted and logged. Useful for testing and developing new profiles.
    B. Enforced/Confined: enforces profile policy as well as logging the violation.

  • AppArmor comes with Ubuntu, Debian and SuSE distros.



  • Take me to the Course Website