Why Immunize Programs; How To Immunize With Apparmor - Novell APPARMOR Admin Manual

U s e r ' s G u i d e
Chapter 2 Why Immunize Programs?
Novell AppArmor provides Immunization technologies that protect
SLES 9 applications from the inherent vulnerabilities they possess.
After installing Novell AppArmor, setting up Novell AppArmor profiles
and rebooting the PC, your system becomes Immunized because it
begins to enforce the Novell AppArmor security policies. Protecting
programs with Novell AppArmor is referred to as Immunizing. In the
following sections, we explain why and how to immunize your pro-
grams.
Novell AppArmor sets you up with a collection of default application
profiles to protect standard Linux services. To protect other applica-
tions, use the Novell AppArmor tools to create profiles for the applica-
tions that you want protected. This chapter introduces you to the
philosophy of Immunizing programs. Proceed to Chapter 4: How to
Build Novell AppArmor Profiles i f y o u ' r e r e a d y t o b u i l d a n d ma n a g e
Novell AppArmor profiles.
How To Immunize With Novell AppArmor
Novell AppArmor provides streamlined access control for network
services by specifying which files each program is allowed to read,
write, and execute. This ensures that each program does what it is
supposed to do, and nothing else.
Novell AppArmor is host intrusion prevention or a mandatory access
control scheme that is optimized for servers. Previously, access control
schemes were centered around users because they were built for large
time-share systems. Alternatively, modern network servers largely do
not permit users to log in, and instead provide a variety of network ser-
vices for users such as web, mail, file, print, etc. Novell AppArmor con-
trols the access given to network services and other programs to
prevent weaknesses from being exploited.
10