Table of Contents
Advertisement
Introduction to Novell
AppArmor
Novell® AppArmor Powered by Immunix is designed to provide easy-to-use application
security for both servers and workstations. Novell AppArmor is an access control system
that lets you specify per program which files the program may read, write, and execute.
AppArmor secures applications by enforcing good application behavior without relying
on attack signatures, so can prevent attacks even if they are exploiting previously un-
known vulnerabilities.
Novell AppArmor consists of:
• A library of AppArmor profiles for common Linux* applications describing what
files the program needs to access.
• A library of AppArmor profile foundation classes (profile building blocks) needed
for common application activities, such as DNS lookup and user authentication.
• A tool suite for developing and enhancing AppArmor profiles, so that you can
change the existing profiles to suit your needs and create new profiles for your own
local and custom applications.
• Several specially modified applications that are AppArmor enabled to provide en-
hanced security in the form of unique subprocess confinement, including Apache.
• The Novell AppArmor–loadable kernel module and associated control scripts to
enforce AppArmor policies on your SUSE® Linux system.
NOTE
Some distributions of SUSE Linux include a version of AppArmor that enforce
policies for a limited set of programs. These policies can be modified to suit
your particular environment using the included AppArmor tool set. To create
AppArmor profiles for additional programs, an upgrade to the full version of
AppArmor is required.
Advertisement
Table of Contents
