Tip of the Trade: AppArmor

The traditional Unix file and ownership permissions have weathered the test of decades of use and are simple to understand and use. But they’re showing their age in this modern, connected world, and it is now time to look for something stronger. SELinux has been the unchallenged champion of super-secure Linux systems, until the recent emergence of AppArmor. Both use Mandatory Access Controls (MAC), which are stronger than Unix’s Discretionary Access Controls (DAC). SELinux has already been discussed; today is AppArmor’s turn.

The biggest complaint against SELinux is its complexity, and that’s a valid point. Any security tool that is too difficult to learn and use is not a good security tool. SELinux wants to touch every file on your system. But is this necessary?

AppArmor takes a different approach and is applied more selectively. It operates on individual applications by limiting their access to essential libraries and files, rather than trying to control the entire system. It ensures applications have only the privileges they need to do their jobs, and no more. This foils privilege escalation, which is usually the primary goal of an attacker, because they require root privileges to do anything significant.

The first step is to figure out where the largest risks lie and apply AppArmor to those. For example, these days, the biggest security risks for Linux are in Internet-facing Web and application servers because of their complexity and inexperienced and sloppy scripting. If you’re running a public Web site or application server, hardening it with AppArmor is a logical first step. Then, you can look at other services that face untrusted networks and AppArmor them.

AppArmor uses profiles that control what it does and to what. The best way to get started with it is to get a Linux distribution that includes a prefab AppArmor setup, like Ubuntu Gutsy or OpenSUSE. OpenSUSE has the most mature AppArmor development. Visit Novell AppArmor to find all kinds of helpful information.