37.0 Confining Privileges with AppArmor
Many security vulnerabilities result from bugs in
trusted programs. A trusted program runs with
privilege that some attacker would like to have. The program fails to keep
that trust if there is a bug in the program that allows the attacker to
acquire that privilege.
Novell® AppArmor is an application security solution designed specifically to
provide least privilege confinement to suspect programs. AppArmor allows the
administrator to specify the domain of activities the program can perform
by developing a security profile for that
application—a listing of files that the program may access and the
operations the program may perform.
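
As an illustration of what such a listing looks like, here is a small profile written for this page; it is an added example, not taken from the Novell guide. The daemon name `exampled` and every path in it are hypothetical.

```apparmor
# Constructed example: "exampled" and all paths below are hypothetical.
#include <tunables/global>

/usr/sbin/exampled {
  # Baseline access most programs need (shared libraries, locale data).
  #include <abstractions/base>

  # Operations: the only capabilities the daemon may use.
  # Bind to a port below 1024.
  capability net_bind_service,
  # Drop group and user privileges after startup.
  capability setgid,
  capability setuid,

  # Files: the binary may read and memory-map itself.
  /usr/sbin/exampled mr,

  # Files: configuration is read-only.
  /etc/exampled/exampled.conf r,
  /etc/exampled/conf.d/*.conf r,

  # Files: state the daemon owns. "**" also matches subdirectories.
  /var/lib/exampled/ r,
  /var/lib/exampled/** rw,
  /var/log/exampled/*.log w,
  /var/run/exampled.pid w,

  # Execution: the helper runs under this same profile (ix = inherit).
  /usr/lib/exampled/helper ix,

  # Any access not listed above is refused in enforce mode and logged.
}
```
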
Effective hardening of a computer system requires minimizing the number of
programs that mediate privilege, then securing the programs as much as
possible. With Novell AppArmor, you only need to profile the programs that are
exposed to attack in your environment, which drastically reduces the
amount of work required to harden your computer. AppArmor profiles enforce
policies to make sure that programs do what they are supposed to do, but
nothing else.
Administrators only need to care about the applications that are
vulnerable to attacks and generate profiles for these. Hardening a system
thus comes down to building and maintaining the AppArmor profile set and
monitoring any policy violations or exceptions logged by AppArmor's reporting
facility.
Building AppArmor profiles to confine an application is very straightforward
and intuitive. AppArmor ships with several tools that assist in profile
creation. It does not require you to do any programming or script
handling. The only task that is required from the administrator is to
determine a policy of strictest access and execute permissions for each
application that needs to be hardened.
Updates or modifications to the application profiles are only required if
the software configuration or the desired range of activities changes.
AppArmor offers intuitive tools to handle profile updates or modifications.
Users should not notice AppArmor at all. It runs behind the scenes
and does not require any user interaction. Performance is
not affected noticeably by AppArmor. If some activity of the application is
not covered by an AppArmor profile or if some activity of the application is
prevented by AppArmor, the administrator needs to adjust the profile of this
application to cover this kind of behavior.
This guide outlines the basic tasks that need to be performed with AppArmor to
effectively harden a system. For more in-depth information, refer to the
Novell AppArmor Administration Guide.