Keywords: Linux, Security, AppArmor
Last edited time: Apr 30, 2024 6:54 AM
Status: Draft
👉 Overview
👀 What ?
AppArmor (Application Armor) is a Linux Security Module (LSM) that implements mandatory access control per program: the administrator writes a profile for each program to be confined, and the kernel attaches the profile to a process by the path of the executable it runs. A profile whitelists what the program may do, such as which files it may read, write, execute or mmap (matched by path, with globbing), which POSIX capabilities it may use, and which network access (socket families and types) it is allowed. Anything the profile does not grant is denied; a program with no profile runs unconfined.
🧐 Why ?
AppArmor sits on top of the normal discretionary permissions (file modes, users, groups) and cannot be switched off by the confined process itself, even one running as root. That matters when an application is compromised: a web server profile that permits reading only the document root and writing only the log directory means an attacker who gains code execution inside it still cannot read /etc/shadow, exec a shell with wider access, or open raw sockets, unless the profile says so. The result is a smaller blast radius for the vulnerabilities you have not yet patched, plus an audit trail, because every blocked attempt is logged.
⛏️ How ?
First check that the running kernel has AppArmor enabled (aa-status, or cat /sys/module/apparmor/parameters/enabled, which prints Y). Ubuntu, Debian and openSUSE/SUSE Linux Enterprise ship it enabled by default; the userspace tools (aa-status, aa-genprof, aa-logprof, aa-complain, aa-enforce) come in the apparmor-utils package. Profiles are text files in /etc/apparmor.d/, one per confined program, and are loaded into the kernel with apparmor_parser. Write each profile on the least-privilege principle, starting from what the program demonstrably needs rather than what might be convenient. The usual workflow is to load a new profile in complain mode, where violations are logged but still allowed, exercise the application, turn the logged events into rules (aa-logprof does this interactively), and switch to enforce mode only once the log stays quiet. Complain mode gives no protection at all, so treat it as a development setting, never a deployment one.
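A worked example of that workflow, added here and not taken from the AppArmor project or the original page. It authors a minimal profile for a hypothetical program /usr/local/bin/report-gen (the path, the profile name and every rule are assumptions), shows what aa-complain and aa-enforce actually do to the profile header, and loads the result with apparmor_parser. Only the loading step needs root and an AppArmor kernel; the script skips it otherwise, so the text-handling parts run anywhere.

```shell
#!/usr/bin/env bash
# Added example (not from the AppArmor project or the original page):
# author, mode-switch and load a profile for the hypothetical program
# /usr/local/bin/report-gen. All paths and rules below are assumptions.
set -eu

PROGRAM=/usr/local/bin/report-gen            # hypothetical confined binary
PROFILE_FILE=usr.local.bin.report-gen        # convention: path with '/' turned into '.'
PROFILE_DIR=${PROFILE_DIR:-/etc/apparmor.d}  # where the distribution expects profiles

# Emit the profile text. Least privilege: read its own config, write only its
# own state and log, no network, no capabilities. Credential files are denied
# explicitly because a deny rule beats any allow, including ones pulled in by
# an #include, so a later abstraction cannot quietly re-open them.
profile_text() {
  cat <<EOF
#include <tunables/global>

# Profile for the hypothetical $PROGRAM (added example). Starts in complain mode.
profile report-gen $PROGRAM flags=(complain) {
  #include <abstractions/base>

  # Its own binary: read and mmap-exec, never write.
  $PROGRAM mr,

  # Configuration is read only; state is read/write but never executable.
  /etc/report-gen/** r,
  /var/lib/report-gen/** rw,
  /var/log/report-gen.log w,

  # Explicit denials that win over anything an abstraction might allow.
  deny /etc/shadow r,
  deny /home/** rwx,
}
EOF
}

# Write the profile where apparmor_parser (and aa-enforce/aa-complain) will find it.
write_profile() {
  profile_text > "$1"
}

# What aa-complain / aa-enforce do to the header: add or strip flags=(complain).
# Works on a copy and moves it back, so it does not depend on GNU sed -i.
set_mode() {
  local mode="$1" file="$2"
  case "$mode" in
    complain)
      if grep -q 'flags=(' "$file"; then
        sed -E 's/flags=\([^)]*\)/flags=(complain)/' "$file" > "$file.tmp"
      else
        sed -E 's/^(profile [^{]*[^ {]) *\{/\1 flags=(complain) {/' "$file" > "$file.tmp"
      fi ;;
    enforce)
      sed -E 's/ *flags=\([^)]*\)//' "$file" > "$file.tmp" ;;
    *)
      echo "usage: set_mode complain|enforce FILE" >&2; return 2 ;;
  esac
  mv "$file.tmp" "$file"
}

# Report the mode from the header alone: prints "complain" or "enforce".
profile_mode() {
  if grep -q '^profile .*flags=(complain)' "$1"; then echo complain; else echo enforce; fi
}

# Load or replace the profile in the kernel. Needs root and an AppArmor kernel;
# otherwise say so and return, so the rest of this file still runs offline.
load_profile() {
  local file="$1"
  if [ "$(id -u)" -ne 0 ] || [ ! -r /sys/module/apparmor/parameters/enabled ]; then
    echo "skip: loading $file needs root and an AppArmor-enabled kernel" >&2
    return 0
  fi
  apparmor_parser -r "$file"    # -r: replace the profile if it is already loaded
  aa-status                     # lists loaded profiles and their modes
}

# Usage: bash this_script.sh apply           write + load in complain mode
#        bash this_script.sh apply enforce   write, strip the complain flag, load
if [ "${1:-}" = "apply" ]; then
  target="$PROFILE_DIR/$PROFILE_FILE"
  write_profile "$target"
  if [ "${2:-complain}" = enforce ]; then
    set_mode enforce "$target"
  fi
  load_profile "$target"
fi
```

Run it with apply to write and load the profile in complain mode, exercise the program, and run it again with apply enforce once the log is clean. On a system with apparmor-utils installed, aa-complain and aa-enforce perform the same header edit and the apparmor_parser reload in one step; the sed here only makes visible what they change.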
⏳ When ?
AppArmor predates its mainline inclusion: it grew out of Immunix's SubDomain, came to Novell with the Immunix acquisition in 2005, shipped out of tree in SUSE and later Ubuntu, and was merged into the mainline kernel in version 2.6.36 (2010). Today it is the default mandatory access control system on Ubuntu, Debian and (open)SUSE, and container tooling builds on it: Docker applies a docker-default profile to containers and snapd relies on it to confine snaps. Its appeal is that profiles are readable, path-based text files, which is far less work than writing a labeling policy from scratch.
⚙️ Technical Explanations
From a technical standpoint, AppArmor hooks the kernel's LSM interface and checks each security-relevant operation of a confined process against the rules in its profile. File rules pair a path pattern with permission letters: r (read), w (write) or a (append only), x with a qualifier that says what happens on exec (ix inherits the current profile, px or cx transitions to another or a child profile, ux runs unconfined), m (mmap executable), k (lock) and l (link). Further rule types grant POSIX capabilities (capability net_bind_service,), network access (network inet stream,) and explicit deny rules, which take precedence over any allow. Profiles are text files loaded into the kernel with apparmor_parser, and each loaded profile is in one of two modes. In enforce mode the rules are applied and every violation is logged as apparmor="DENIED". In complain mode nothing is blocked; each operation the profile would have refused is logged as apparmor="ALLOWED" instead, and those records are the raw material for building the profile (aa-logprof reads them and proposes rules). A profile can also contain hats, sub-profiles named ^hatname: a program that knows about AppArmor calls aa_change_hat() to move into a narrower rule set for part of its work and back again afterwards, which is how the Apache module mod_apparmor confines individual virtual hosts. Two caveats worth keeping in mind: mediation is by path, so a file reached through another name (a hard link, bind mount or renamed directory) is judged by that name rather than by a label attached to the file, and any program without a loaded profile runs unconfined, so AppArmor protects only what you have written profiles for.
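To make the complain-mode workflow concrete, here is an added example, written for this page rather than taken from the AppArmor project and not a substitute for aa-logprof, that turns a handful of constructed log records into candidate rules for a hypothetical profile named report-gen. The records, paths and profile name are made up for illustration, but they follow the field layout AppArmor writes to the audit log and kernel log: apparmor="ALLOWED" for a complain-mode event and "DENIED" for an enforced one, then operation, profile, and either a file name with requested_mask, a capname, or a socket family and type.

```shell
#!/usr/bin/env bash
# Added example: derive candidate profile rules from AppArmor log records,
# the way aa-logprof does interactively. Not the project's code; the records
# below are constructed for illustration (hypothetical profile "report-gen").
set -eu

# Constructed sample: four complain-mode events for report-gen (one repeated),
# one enforced denial belonging to a different profile, and a profile_load
# status record. Real records come from journalctl or /var/log/audit/audit.log.
SAMPLE_LOG='type=AVC msg=audit(1714460000.101:201): apparmor="ALLOWED" operation="open" profile="report-gen" name="/usr/share/report-gen/templates/default.tpl" pid=4242 comm="report-gen" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1714460000.102:202): apparmor="ALLOWED" operation="open" profile="report-gen" name="/var/cache/report-gen/index.db" pid=4242 comm="report-gen" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
type=AVC msg=audit(1714460000.103:203): apparmor="ALLOWED" operation="capable" profile="report-gen" pid=4242 comm="report-gen" capability=10  capname="net_bind_service"
type=AVC msg=audit(1714460000.104:204): apparmor="ALLOWED" operation="create" profile="report-gen" pid=4242 comm="report-gen" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"
type=AVC msg=audit(1714460000.105:205): apparmor="ALLOWED" operation="open" profile="report-gen" name="/usr/share/report-gen/templates/default.tpl" pid=4243 comm="report-gen" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1714460000.106:206): apparmor="DENIED" operation="open" profile="other-app" name="/etc/shadow" pid=5000 comm="other-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1714460000.107:207): apparmor="STATUS" operation="profile_load" profile="unconfined" name="report-gen" pid=1 comm="apparmor_parser"'

# Extract one key="value" field from a record; prints nothing if it is absent.
field() {
  printf '%s\n' "$2" | sed -n "s/.*[ (]$1=\"\([^\"]*\)\".*/\1/p"
}

# Log masks use c (create) and d (delete); in a rule both are spelled w.
# Also collapse duplicates, so "wc" becomes "w" and "rwc" becomes "rw".
normalize_mask() {
  printf '%s' "$1" | sed 's/[cd]/w/g' | fold -w1 | LC_ALL=C sort -u | tr -d '\n'
}

# Read records on stdin and print one candidate rule per line for profile $1,
# deduplicated. Only ALLOWED/DENIED events count; STATUS records and events
# from other profiles are skipped.
suggest_rules() {
  local want="$1" line op
  while IFS= read -r line; do
    case "$line" in
      *'apparmor="ALLOWED"'*|*'apparmor="DENIED"'*) ;;
      *) continue ;;
    esac
    [ "$(field profile "$line")" = "$want" ] || continue
    op=$(field operation "$line")
    case "$op" in
      capable)
        echo "capability $(field capname "$line"),"
        ;;
      create|bind|connect|listen|accept|sendmsg|recvmsg|getsockopt|setsockopt)
        if [ -n "$(field family "$line")" ]; then
          echo "network $(field family "$line") $(field sock_type "$line"),"
        fi
        ;;
      *)
        # Anything else carrying name= is a file operation (open, exec, mkdir, ...).
        if [ -n "$(field name "$line")" ]; then
          echo "$(field name "$line") $(normalize_mask "$(field requested_mask "$line")"),"
        fi
        ;;
    esac
  done | LC_ALL=C sort -u
}

# Show what the sample yields. Review every line before pasting it into a
# profile: a logged request is evidence of what the program did, not proof
# that it should be allowed to.
printf '%s\n' "$SAMPLE_LOG" | suggest_rules report-gen
```

The output for the sample is four rules: two file rules (with "wc" collapsed to "w"), one capability rule and one network rule; the repeated open is folded into a single line and the other-app denial is ignored because it belongs to a different profile. On a real system, feed the function journalctl -k or the audit log filtered on the profile name, and prefer to generalise the file rules yourself (for example /usr/share/report-gen/templates/** r,) rather than accepting one rule per file.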