<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 17. Introducing AppArmor</title><link rel="stylesheet" href="susebooks.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Documentation"><link rel="up" href="part.apparmor.html" title="Part IV. Confining Privileges with Novell AppArmor"><link rel="prev" href="part.apparmor.html" title="Part IV. Confining Privileges with Novell AppArmor"><link rel="next" href="cha.apparmor.start.html" title="Chapter 18. Getting Started"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="chapter" title="Chapter 17. Introducing AppArmor"><div class="titlepage"><div><div><h2 class="title"><a name="cha.apparmor.intro"></a>Chapter 17. Introducing AppArmor</h2></div></div></div><div class="toc"><p><b>Contents</b></p><dl><dt><span class="sect1"><a href="cha.apparmor.intro.html#sec.apparmor.intro.background">17.1. Background Information on AppArmor Profiling</a></span></dt></dl></div><p>
  Many security vulnerabilities result from bugs in
  <span class="emphasis"><em>trusted</em></span> programs. A trusted program runs with
  privileges that attackers would like to have. The program fails to keep
  that trust if there is a bug in the program that allows the attacker to
  acquire said privilege.
 </p><p>
  Novell® AppArmor is an application security solution designed specifically to
  apply privilege confinement to suspect programs. AppArmor allows the
  administrator to specify the domain of activities the program can perform
  by developing a security <span class="emphasis"><em>profile</em></span> for that application
  (a listing of files that the program may access and the operations the
  program may perform). AppArmor secures applications by enforcing good
  application behavior without relying on attack signatures, so it can
  prevent attacks even if previously unknown vulnerabilities are being
  exploited.
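 </p><p>
  The following profile is an added illustration, not part of the original
  manual, of what such a listing looks like. The daemon
  <code>/usr/sbin/exampled</code> and all of its file paths are hypothetical;
  the three included abstractions are building blocks shipped with AppArmor.
 </p>

```apparmor
# Constructed example: profile for a hypothetical daemon, /usr/sbin/exampled.
# In enforce mode, any access that is not listed here is denied, whether or
# not the request matches a known attack.
#
# Includes are usually written in the angle-bracket form, relative to
# /etc/apparmor.d; the quoted absolute-path form is used here instead.

/usr/sbin/exampled {
  # Shipped building blocks: basic runtime needs, DNS and other name
  # service lookups, and user authentication.
  #include "/etc/apparmor.d/abstractions/base"
  #include "/etc/apparmor.d/abstractions/nameservice"
  #include "/etc/apparmor.d/abstractions/authentication"

  # Operations the program may perform.
  capability net_bind_service,   # bind to a port below 1024
  capability setuid,             # drop privileges after startup
  capability setgid,
  network inet stream,           # TCP over IPv4 only

  # Files the program may access, and how.
  /usr/sbin/exampled        mr,  # map and read its own binary
  /etc/exampled/*.conf      r,   # read-only configuration
  /var/lib/exampled/**      rw,  # data directory, recursively
  /var/log/exampled.log     w,
  /var/run/exampled.pid     w,
  /usr/lib/exampled/helper  ix,  # helper runs under this same profile
}
```

 <p>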
 </p><p>
  Novell AppArmor consists of:
 </p><div class="itemizedlist"><ul class="itemizedlist" type="bullet"><li class="listitem" style="list-style-type: disc"><p>
    A library of AppArmor profiles for common Linux* applications, describing
    what files the program needs to access.
   </p></li><li class="listitem" style="list-style-type: disc"><p>
    A library of AppArmor profile foundation classes (profile building blocks)
    needed for common application activities, such as DNS lookup and user
    authentication.
   </p></li><li class="listitem" style="list-style-type: disc"><p>
    A tool suite for developing and enhancing AppArmor profiles, so that you can
    change the existing profiles to suit your needs and create new profiles
    for your own local and custom applications.
   </p></li><li class="listitem" style="list-style-type: disc"><p>
    Several specially modified applications that are AppArmor enabled to provide
    enhanced security in the form of unique subprocess confinement
    (including Apache and Tomcat).
   </p></li><li class="listitem" style="list-style-type: disc"><p>
    The Novell AppArmor loadable kernel module and associated control scripts to
    enforce AppArmor policies on your
    <span>openSUSE®</span>
    system.
    </p></li></ul></div><div class="sect1" title="17.1. Background Information on AppArmor Profiling"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.apparmor.intro.background"></a>17.1. Background Information on AppArmor Profiling</h2></div></div></div><p>
   For more information about the science and security of Novell AppArmor, refer to
   the following papers:
  </p><div class="variablelist"><dl><dt><span class="term"><em class="citetitle">SubDomain: Parsimonious Server Security</em> by Crispin Cowan, Steve Beattie,
     Greg Kroah-Hartman, Calton Pu, Perry Wagle, and Virgil Gligor</span></dt><dd><p>
      Describes the initial design and implementation of Novell AppArmor. Published in
      the proceedings of the USENIX LISA Conference, December 2000, New
      Orleans, LA. This paper is now out of date, describing syntax and
      features that are different from the current Novell AppArmor product. This paper
      should be used only for background, and not for technical
      documentation.
     </p></dd><dt><span class="term"><em class="citetitle">Defcon Capture the Flag: Defending Vulnerable Code from Intense Attack</em>
     by Crispin Cowan, Seth Arnold, Steve Beattie, Chris Wright, and John Viega</span></dt><dd><p>
      A good guide to strategic and tactical use of Novell AppArmor to solve severe
      security problems in a very short period of time. Published in the
      Proceedings of the DARPA Information Survivability Conference and Expo
      (DISCEX III), April 2003, Washington, DC.
     </p></dd><dt><span class="term"><em class="citetitle">AppArmor for Geeks</em> by Seth Arnold</span></dt><dd><p>
      This document tries to convey a better understanding of the technical
      details of AppArmor. It is available at
      <a class="ulink" href="http://en.opensuse.org/AppArmor_Geeks" target="_top">http://en.opensuse.org/AppArmor_Geeks</a>.
     </p></dd><dt><span class="term"><em class="citetitle">AppArmor Technical Documentation</em> by Andreas Gruenbacher and Seth
     Arnold</span></dt><dd><p>
      This document discusses the concept and design of AppArmor from a very
      technical point of view. It is available at
      <a class="ulink" href="http://forgeftp.novell.com//apparmor/LKML_Submission-June-07/techdoc.html" target="_top">http://forgeftp.novell.com//apparmor/LKML_Submission-June-07/techdoc.html</a>.
      </p></dd></dl></div></div></div></body></html>