In this guide, we will show you how to install and use AppArmor on Ubuntu systems.
AppArmor is an effective and easy-to-use Linux application security system. It proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies completely define what system resources individual applications can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.
Install AppArmor on Ubuntu - APT method
Follow the steps below to get started with AppArmor:
- First, update your Ubuntu system packages by running the command below:
sudo apt update -y && sudo apt upgrade -y
- The AppArmor packages are available in the Ubuntu base repository, so you can install them directly by running the following command:
sudo apt install apparmor-notify apparmor-utils apparmor-profiles-extra apparmor-profiles -y
- Once the installation is complete, AppArmor will be enabled. Verify this by checking its status as shown below:
sudo systemctl status apparmor
Use AppArmor on Ubuntu
- Run aa-status (as root) to see whether your Linux distribution already has AppArmor integrated:
sudo aa-status
- Because AppArmor is a kernel security module, it is usually not something users install themselves. Individual users and system administrators might, however, want to manage the application profiles, which define what each application is allowed to do, by editing the files in /etc/apparmor.d/.
The list of currently active profiles can be easily checked with aa-status.
- Checking AppArmor log messages
Each time AppArmor denies an application from doing a potentially harmful operation, the event is logged. Depending on your system, the AppArmor events can be seen in the syslog, auditd, kernel log or journald logs.
Example:
sudo journalctl -fx
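The raw log stream is noisy, so it helps to reduce it to one row per distinct event. The script below is an added example, not part of the original guide: it parses AppArmor audit lines and counts events by verdict, profile, operation, target and denied mask. The sample lines, profile names and paths are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise AppArmor audit events from log text on stdin.

# Constructed sample lines in the kernel audit format (not real logs).
sample_log() {
cat <<'EOF'
Jan 10 10:00:01 host kernel: audit: type=1400 audit(1704880801.100:101): apparmor="DENIED" operation="open" profile="/usr/bin/example-app" name="/etc/shadow" pid=2101 comm="example-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 10 10:00:05 host kernel: audit: type=1400 audit(1704880805.200:102): apparmor="DENIED" operation="open" profile="/usr/bin/example-app" name="/etc/shadow" pid=2107 comm="example-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 10 10:01:00 host kernel: audit: type=1400 audit(1704880860.300:103): apparmor="ALLOWED" operation="mknod" profile="/usr/bin/other-app" name="/tmp/example.tmp" pid=2200 comm="other-app" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Jan 10 10:02:00 host kernel: audit: type=1400 audit(1704880920.400:104): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/other-app" pid=2300 comm="apparmor_parser"
Jan 10 10:02:30 host kernel: audit: type=1400 audit(1704880950.500:105): apparmor="DENIED" operation="open" profile="/usr/bin/example-app" name="/home/user/.ssh/id_rsa" pid=2101 comm="example-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Jan 10 10:03:00 host sshd[900]: Accepted publickey for user from 192.0.2.10 port 50000
EOF
}

# Output columns (tab separated):
#   count, verdict, profile, operation, target name, denied mask
# DENIED  = blocked by a profile in enforce mode.
# ALLOWED = would have been blocked; the profile is in complain mode.
summarize_apparmor() {
  tab=$(printf '\t')
  awk '
    /apparmor="(DENIED|ALLOWED)"/ {
      split("", f)                 # reset the field map for this line
      s = $0
      # Walk every key="value" pair on the line.
      while (match(s, /[a-z_]+="[^"]*"/)) {
        kv = substr(s, RSTART, RLENGTH)
        eq = index(kv, "=")
        f[substr(kv, 1, eq - 1)] = substr(kv, eq + 2, length(kv) - eq - 2)
        s = substr(s, RSTART + RLENGTH)
      }
      key = f["apparmor"] "\t" f["profile"] "\t" f["operation"] "\t" f["name"] "\t" f["denied_mask"]
      count[key]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
  ' | LC_ALL=C sort -t "$tab" -k1,1nr -k2
}

# Live use (run manually): sudo journalctl -k --no-pager | summarize_apparmor
sample_log | summarize_apparmor
```

On systems where auditd is running, the same events are written to /var/log/audit/audit.log, which can be piped into the function instead.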
AppArmor provides several utilities that you can use to manage AppArmor profiles on your system as follows:
- aa-status: Status of AppArmor profiles on your system.
- aa-logprof: Lets you review the log entries generated by AppArmor profiles in “complain” mode and update the profiles accordingly.
- aa-genprof: Generates a new profile for an application.
- aa-enforce: Changes the enforcement mode of an AppArmor profile from “complain” to “enforce”.
- aa-complain: Changes the enforcement mode of an AppArmor profile from “enforce” to “complain”.
How to Remove (Uninstall) AppArmor
- Remove AppArmor APT Method
sudo apt autoremove apparmor-notify apparmor-utils apparmor-profiles-extra apparmor-profiles --purge -y
Install AppArmor - Conclusion
That’s it. Thanks for reading.