Differences between revisions 9 and 10
Revision 9 as of 2014-07-23 11:14:59
Size: 1848
Editor: HolgerLevsen
Comment: audit logs are in syslog, recommend systemd 204
Revision 10 as of 2014-07-23 14:59:20
Size: 1880
Editor: HolgerLevsen
Comment: slightly improve wording
Deletions are marked like this. Additions are marked like this.
Line 8: Line 8:
Using systemd 204-14 from wheezy-backports is recommended, but not mandatory. If you are using wheezy, upgrading to systemd 204-14 from wheezy-backports is recommended, but not mandatory.

Translation(s): none


Requirements

A Debian 7 "Wheezy" or newer GNU/Linux system is required.

If you are using wheezy, upgrading to systemd 204-14 from wheezy-backports is recommended, but not mandatory.

Install software

Install AppArmor userspace tools and some contributed profiles:

$ sudo apt-get install apparmor apparmor-profiles apparmor-utils

Enable AppArmor

Enable the AppArmor LSM:

$ sudo perl -pi -e 's,GRUB_CMDLINE_LINUX="(.*)"$,GRUB_CMDLINE_LINUX="$1 apparmor=1 security=apparmor",' /etc/default/grub
$ sudo update-grub
$ sudo reboot

Inspect the current state

See what running executables are currently confined by an AppArmor profile:

$ ps auxZ | grep -v '^unconfined'

Enable / install more profiles

Find more profiles:

Once you've dropped the new profile into /etc/apparmor.d/, use apparmor_parser(8) to insert it into the kernel.

For example, to set all "extra" profiles (provided in the apparmor-profiles package) to complain mode (security policy is not enforced, but corresponding access violations are logged), do the following:

cd /usr/share/doc/apparmor-profiles/extras
cp -i *.* /etc/apparmor.d/
for f in *.* ; do aa-complain /etc/apparmor.d/$f; done

To set these profiles to enforce mode, use aa-enforce instead of aa-complain.

AppArmor audit logs can be found in /var/log/syslog.

Learn more

See the "External links" section on the main AppArmor page.