8 Introducing Apparmor - Novell LINUX ENTERPRISE SERVER 11 - SECURITY Manual

Introducing AppArmor
Many security vulnerabilities result from bugs in trusted programs. A trusted program
runs with privilege that some attacker would like to have. The program fails to keep
that trust if there is a bug in the program that allows the attacker to acquire that privilege.
Novell® AppArmor is an application security solution designed specifically to provide
least privilege confinement to suspect programs. AppArmor allows the administrator
to specify the domain of activities the program can perform by developing a security
profile for that application—a listing of files that the program may access and the oper-
ations the program may perform. AppArmor secures applications by enforcing good
application behavior without relying on attack signatures, so it can prevent attacks even
if they are exploiting previously unknown vulnerabilities.
Novell AppArmor consists of:
• A library of AppArmor profiles for common Linux* applications describing what
files the program needs to access.
• A library of AppArmor profile foundation classes (profile building blocks) needed
for common application activities, such as DNS lookup and user authentication.
• A tool suite for developing and enhancing AppArmor profiles, so that you can
change the existing profiles to suit your needs and create new profiles for your own
local and custom applications.
• Several specially modified applications that are AppArmor enabled to provide en-
hanced security in the form of unique subprocess confinement, including Apache
and Tomcat.
18
Introducing AppArmor 217