Shutting out intruders with AppArmor
PROTECTIVE ARMOR
When an attacker succeeds in infecting a victim’s system, the attacker inherits the victim’s privileges. App Armor beats the attack by reducing the potential victim’s privileges to a minimum.
Novell views AppArmor [1] as an easily configurable but effective protection system for Linux. According to the vendor, AppArmor competes with SE Linux, which has been part of the Suse distribution for quite a while now, although lacking the policies needed to run it. Whereas SE Linux is comparatively difficult to configure, but implements comprehensive MACs (Mandatory Access Control), AppArmor focuses on restricting the scope of individual applications. The Task It is an unfortunate fact that many programs suffer from bugs, and web applications are particularly badly hit. Most software is not coded by security specialists, though it may be publicly accessible via the web, and this makes it an easy target for attackers. If an attacker finds a programming error in an application, they can typically exploit the error, thus gaining access to the target system.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
US / Canada
UK / Australia
News
-
Nextcloud Announces Raspberry Pi-Powered Home Cloud Box
Innovative system adds a hard drive and Ubuntu Core to the RPi for an IoT hub.
-
Linus Torvalds Confirms the Date of the First Linux Release
Linux is two weeks younger than we thought!
-
End of OpenOffice?
The Apache Software Foundation considers retiring OpenOffice
-
Adobe Gives New Life to NPAPI Plugin for Linux
Adobe won’t kill the plugin in 2017
-
LinuxCon North America Convenes in Toronto, Canada
Linux Foundation's big event celebrates the 25th anniversary of Linux
-
Linux Turns 25
Linux has evolved from “won’t be a professional” project to one of the most professional software projects in the history of computers.
-
Mirantis Joins Hands with SUSE To Offer RHEL Support; Red Hat Not Happy
Competitors get in the game with RHEL without Red Hat
-
Linux on Windows 10 Poses a Security Risk
Security researchers have already notified Microsoft; some fixes are available
-
Mirantis to Refactor OpenStack Fuel for Kubernetes
The company is collaborating with Google and Intel to use Kubernetes as an engine for Fuel
-
Canonical Joins Document Foundation Advisory Board
The upcoming release of LibreOffice will be available as a snap package