49.0 Confining Privileges with AppArmor
Many security vulnerabilities result from bugs in
trusted programs. A trusted
program runs with privilege that some attacker would like to have. The
program fails to keep that trust if there is a bug in the program that
allows the attacker to acquire that privilege.
Novell® AppArmor is an application security solution designed specifically to
provide least privilege confinement to suspect programs. AppArmor allows the
administrator to specify the domain of activities the program can perform by
developing a security profile for that
application—a listing of files that the program may access and the
operations the program may perform.
Effective hardening of a computer system requires minimizing the number
of programs that mediate privilege then securing the programs as much as
possible. With Novell AppArmor, you only need to profile the programs that are
exposed to attack in your environment, which drastically reduces the amount
of work required to harden your computer. AppArmor profiles enforce policies
to make sure that programs do what they are supposed to do, but nothing
Administrators only need to care about the applications that are
vulnerable to attacks and generate profiles for these. Hardening a system
thus comes down to building and maintaining the AppArmor profile set and
monitoring any policy violations or exceptions logged by AppArmor's reporting
Building AppArmor profiles to confine an application is very
straightforward and intuitive. AppArmor ships with several tools that assist
in profile creation. It does not require you to do any programming or
script handling. The only task that is required from the administrator is to
determine a policy of strictest access and execute permissions for each
application that needs to be hardened.
Updates or modifications to the application profiles are only required
if the software configuration or the desired range of activities
changes. AppArmor offers intuitive tools to handle profile updates or
Users should not notice AppArmor at all. It runs
scenes and does not require any user interaction. Performance is
not affected noticeably by AppArmor. If some activity of the application is
not covered by an AppArmor profile or if some activity of the application is
prevented by AppArmor, the administrator needs to adjust the profile of this
application to cover this kind of behavior.
This guide outlines the basic tasks that need to be performed with AppArmor
to effectively harden a system. For more in-depth information, refer to
Novell AppArmor 2.0 Administration Guide.