Introducing The Apparmor Framework - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual
Hide thumbs
Also See for LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009:
- Administration manual (338 pages) ,
- Deployment manual (246 pages) ,
- Application manual (364 pages)
Table of Contents
Advertisement
ophy of immunizing programs. Proceed to
(page 197),
Chapter 24, Building Profiles from the Command Line
build and manage Novell AppArmor profiles.
Novell AppArmor provides streamlined access control for network services by specifying
which files each program is allowed to read, write, and execute, and which type of
network it is allowed to access. This ensures that each program does what it is supposed
to do and nothing else. Novell AppArmor quarantines programs to protect the rest of
the system from being damaged by a compromised process.
Novell AppArmor is a host intrusion prevention or mandatory access control scheme.
Previously, access control schemes were centered around users because they were built
for large timeshare systems. Alternatively, modern network servers largely do not permit
users to log in, but instead provide a variety of network services for users, such as Web,
mail, file, and print servers. Novell AppArmor controls the access given to network
services and other programs to prevent weaknesses from being exploited.
TIP: Background Information for Novell AppArmor
To get a more in-depth overview of AppArmor and the overall concept behind
it, refer to
(page 178).
20.1 Introducing the AppArmor
This section provides a very basic understanding of what is happening "behind the
scenes" (and under the hood of the YaST interface) when you run AppArmor.
An AppArmor profile is a plain text file containing path entries and access permissions.
See
Section 21.1, "Breaking a Novell AppArmor Profile into Its Parts"
a detailed reference profile. The directives contained in this text file are then enforced
by the AppArmor routines to quarantine the process or program.
The following tools interact in the building and enforcement of AppArmor profiles and
policies:
188
Security Guide
Chapter 23, Building and Managing Profiles with YaST
Section 18.1, "Background Information on AppArmor Profiling"
Framework
Chapter 21, Profile Components and Syntax
(page 247) if you are ready to
(page 225), or
(page 198) for
Advertisement
Table of Contents
