AppArmor
Definition
AppArmor (Application Armor) is a Linux kernel security module that provides mandatory access control (MAC) by confining programs to a limited set of resources. It uses per-application profiles that define what each program may do, restricting its access to files, network capabilities, and other system resources, which limits the potential damage from vulnerabilities or exploits.
Secure Settings Example
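# Example AppArmor profile for a web server
profile webserver /usr/sbin/nginx {
  # Baseline rules most programs need (shared libraries, locale data)
  #include <abstractions/base>
  # Allow read access to configuration files
  /etc/nginx/** r,
  # Allow IPv4 TCP network access only
  network inet stream,
  # Allow access to specific log files
  /var/log/nginx/* rw,
  # Explicitly deny access to home directories
  # (in enforce mode, anything not allowed above is already denied)
  deny /home/** rw,
  # Explicitly deny execution of binaries under /bin
  deny /bin/** x,
}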
Insecure Settings Example
# Insecure AppArmor profile with overly permissive rules
profile webserver /usr/sbin/nginx {
  # Allow read and write access to all files
  /** rw,
  # Allow execution of all binaries under /bin
  # (allow rules need an exec qualifier such as ix; bare x is only valid with deny)
  /bin/** ix,
  # Allow unrestricted network access
  network,
}
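
The permissive patterns in the insecure example can be caught before a profile is loaded. The following check is an added example, not part of AppArmor or its tooling; it assumes one rule per line and unquoted paths, and lint_profile and the sample profile are constructed for illustration.

```python
import re

# Constructed sample input modelled on the permissive profile above.
SAMPLE_PROFILE = """\
profile webserver /usr/sbin/nginx {
  /** rw,
  /bin/** ix,
  network,
  deny /home/** rw,
}
"""

# Simplified rule grammar (assumption): one rule per line, unquoted paths.
FILE_RULE = re.compile(
    r"^(?P<deny>deny\s+)?(?:owner\s+)?(?P<path>/\S*)\s+(?P<perms>[A-Za-z]+)\s*,$")
NETWORK_RULE = re.compile(r"^(?P<deny>deny\s+)?network\b(?P<rest>[^,]*),$")


def lint_profile(text):
    """Return (line_number, rule, reason) for each overly broad allow rule."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        rule = raw.split("#", 1)[0].strip()  # drop comments and indentation
        net = NETWORK_RULE.match(rule)
        if net and not net["deny"] and not net["rest"].strip():
            findings.append((lineno, rule, "network rule has no family or type"))
            continue
        m = FILE_RULE.match(rule)
        if not m or m["deny"]:
            continue  # not a file rule, or a deny rule (which only narrows)
        path, perms = m["path"], m["perms"].lower()
        if path.startswith("/**") and ("w" in perms or "a" in perms):
            findings.append((lineno, rule, "write access to the whole filesystem"))
        if "x" in perms and "*" in path:
            findings.append((lineno, rule, "exec allowed on a wildcard path"))
    return findings


if __name__ == "__main__":
    for lineno, rule, reason in lint_profile(SAMPLE_PROFILE):
        print(f"line {lineno}: {rule!r}: {reason}")
```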