Mandatory Access Control (MAC) Security Framework
AppArmor (Application Armor) is a Linux security module that confines programs to a limited set of resources, providing mandatory access control (MAC) to supplement the traditional Unix discretionary access control (DAC) model.
Think of AppArmor as a security guard that watches over each application on your system - it defines strict rules about what files an app can access, what network connections it can make, and what system capabilities it can use. IT professionals use AppArmor to contain security breaches (if a web server is hacked, the attacker can only access what the AppArmor profile allows), protect sensitive data from compromised applications, enforce the principle of least privilege, prevent zero-day exploits from causing widespread damage, and comply with security policies requiring mandatory access controls. It's especially popular on Ubuntu/Debian systems and provides protection without modifying applications!
Restrict Apache, Nginx, or other web servers to only access necessary files.
Limit MySQL and PostgreSQL access to only their database directories and sockets.
Limit damage if an application is compromised by restricting lateral movement.
Meet security standards requiring mandatory access control mechanisms.
sudo aa-status - Display AppArmor status and list all loaded profiles with their modes.
sudo aa-enforce /usr/sbin/nginx - Set nginx profile to enforce mode (block unauthorized actions).
sudo aa-complain /usr/bin/firefox - Set firefox to complain mode (log violations but don't block).
sudo aa-disable /usr/sbin/apache2 - Disable AppArmor profile for Apache web server.
sudo systemctl status apparmor - Check if AppArmor service is running and enabled.
ls /etc/apparmor.d/ - List all available AppArmor profiles on the system.
cat /etc/apparmor.d/usr.sbin.nginx - View the AppArmor profile configuration for nginx.
Enforce Mode: The profile is active and blocks any unauthorized actions. Use this for production systems.
Complain Mode: The profile logs violations but doesn't block them. Perfect for testing new profiles without breaking apps.
Disabled: The profile is loaded but completely inactive. The application runs without any AppArmor restrictions.
Pro Tip: Always test profiles in complain mode first, check logs at /var/log/audit/audit.log or /var/log/syslog, then switch to enforce mode once verified!
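The log check from the Pro Tip, as an added example that is not part of the original page: a Python script that reads AppArmor audit lines and lists what a profile allowed only because it was in complain mode, which is what enforce mode would block. The log lines are constructed samples, the function names are hypothetical, and it assumes the profile is named /usr/sbin/nginx in the logs.

```python
import re
from collections import Counter

# Constructed sample lines in the audit format AppArmor writes to
# /var/log/audit/audit.log or /var/log/syslog (paths and PIDs are made up).
SAMPLE_LOG = '''\
type=AVC msg=audit(1700000000.101:210): apparmor="ALLOWED" operation="open" profile="/usr/sbin/nginx" name="/etc/ssl/private/site.key" pid=812 comm="nginx" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=AVC msg=audit(1700000003.422:214): apparmor="ALLOWED" operation="open" profile="/usr/sbin/nginx" name="/etc/ssl/private/site.key" pid=813 comm="nginx" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=AVC msg=audit(1700000009.007:221): apparmor="ALLOWED" operation="mknod" profile="/usr/sbin/nginx" name=2F7661722F63616368652F6E67696E782F746D702031 pid=812 comm="nginx" requested_mask="c" denied_mask="c" fsuid=33 ouid=33
type=AVC msg=audit(1700000011.550:230): apparmor="DENIED" operation="open" profile="/usr/bin/firefox" name="/etc/shadow" pid=2044 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=SYSCALL msg=audit(1700000011.550:230): arch=c000003e syscall=257 success=no exit=-13 comm="firefox"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted" or key=bare
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def parse_event(line):
    """Return the key=value fields of one AppArmor audit line, or None."""
    if 'apparmor="' not in line:
        return None  # not an AppArmor record (e.g. the SYSCALL line)
    ev = {}
    for m in FIELD.finditer(line):
        key, quoted, bare = m.groups()
        if quoted is None and key == "name" and HEX.fullmatch(bare):
            # audit hex-encodes names containing spaces or control characters
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        ev[key] = quoted if quoted is not None else bare
    return ev

def complain_hits(lines, profile):
    """Count accesses `profile` logged as ALLOWED in complain mode,
    i.e. the accesses enforce mode would block."""
    hits = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev and ev.get("profile") == profile and ev.get("apparmor") == "ALLOWED":
            hits[(ev.get("operation"), ev.get("name"), ev.get("denied_mask"))] += 1
    return hits

if __name__ == "__main__":
    hits = complain_hits(SAMPLE_LOG.splitlines(), "/usr/sbin/nginx")
    for (op, name, mask), n in hits.most_common():
        print(f"{n:3d}  {op:6s} {mask:3s} {name!r}")
```

Each entry it reports is either a rule the profile still needs or an access that should stay blocked; an empty result under normal workload is the signal to switch to enforce mode.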