Apparmor

Apparmor by Ekta Ahuja @ null Pune Meet, August 2011

  1. Presented By: Ekta Ahuja
     AppArmor
  2. About Me
     Student: MSc.CA at SICSR
     Windows & Information Security Enthusiast
     Database Freak
  3. Agenda
     What is AppArmor?
     Why Use AppArmor?
     AppArmor Profiles
     Demo
  4. Introduction
     AppArmor is the most effective and easy-to-use Linux application security system available on the market today. AppArmor is a security framework that proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good program behavior and preventing even unknown software flaws from being exploited. AppArmor security profiles completely define what system resources individual programs can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.
  5. Why AppArmor?
  6. Which Programs Can Be Protected?
     General recommendation: Every program that mediates privileges.
     Network services: Every program (server/client) with open ports.
     Cron jobs: Cron jobs that run with root privileges can be protected.
     Web applications: CGI scripts, Java applets, etc.
  7. AppArmor Profiles
     For each application that we want to protect we can create a separate profile.
     A profile contains:
       The full path of the program that is confined.
       With the #include directive we can pull in components of other profiles.
       Add POSIX capabilities with the capability statement.
       A path entry, specifying which part of the filesystem the program can access.
  8. Profile Types:
  9. Generating Profiles
  10. Key of a Profile
      Each rule also specifies permissions:
        r - read
        w - write
        ux - unconstrained execute
        Ux - unconstrained execute -- scrub the environment
        px - discrete profile execute
        Px - discrete profile execute -- scrub the environment
        ix - inherit execute
        m - allow PROT_EXEC with mmap(2) calls
        l - link
        cx - local security profile
  11. Parts of Profile:
      Example: Hypothetical application -- /usr/bin/foo

        #include <tunables/global>
        /usr/bin/foo {
          #include <abstractions/base>
          capability setgid,
          network inet tcp,
          link /etc/sysconfig/foo -> /etc/foo.conf,
          /bin/mount ux,
          /dev/{,u}random r,
          /etc/ld.so.cache r,
          /etc/foo/* r,
          /lib/ld-*.so* mr,
          /lib/lib*.so* mr,
          /proc/[0-9]** r,
          /usr/lib/** mr,
          /tmp/ r,
          /tmp/foo.pid wr,
          /tmp/foo.* lrw,
          /@{HOME}/.foo_file rw,
  12. Parts of Profile (cont.)

          /@{HOME}/.foo_lock kw,
          owner /shared/foo/** rw,
          /usr/bin/foobar cx,
          /bin/** px -> bin_generic,
          # a comment about foo's local (children) profile for /usr/bin/foobar.
          profile /usr/bin/foobar {
            /bin/bash rmix,
            /bin/cat rmix,
            /bin/more rmix,
            /var/log/foobar* rwl,
            /etc/foobar r,
          }
          # foo's hat, bar.
          ^bar {
            /lib/ld-*.so* mr,
            /usr/bin/bar px,
            /var/spool/* rwl,
          }
        }
  13. Profile Modes
      Enforce Mode
      Complain Mode (Learning Mode)
  14. Flow of Logic
      Collapse a few rules and make it more generic and open.
  15. Demo Time
  16. References
      http://en.opensuse.org/SDB:AppArmor_geeks
      http://www.novell.com/documentation
      http://wiki.apparmor.net/index.php/Documentation
      http://doc.opensuse.org
      https://wiki.ubuntu.com/AppArmor
  17. Thank You
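
An added example (not part of the original slides): a small Python reviewer for file rules like those in the /usr/bin/foo profile on slides 11 and 12, using the permission key from slide 10. The function names and the three review heuristics are assumptions chosen for illustration, and the sample text is a constructed subset of that profile.

```python
import re

# Constructed sample: a subset of the file rules from the /usr/bin/foo slides.
PROFILE = """\
/usr/bin/foo {
  /bin/mount ux,
  /etc/foo/* r,
  /lib/ld-*.so* mr,
  /tmp/foo.* lrw,
  owner /shared/foo/** rw,
  /usr/bin/foobar cx,
  /bin/** px -> bin_generic,
}
"""

# A file rule: optional "owner", a path, a mode string, optional "-> target", comma.
RULE = re.compile(
    r"^(?:owner\s+)?(?P<path>[/@]\S*)\s+(?P<mode>[rwaklmixpcuPCU]+)"
    r"\s*(?:->\s*\S+\s*)?,$"
)
# Execute transitions from the slide's key: ux, Ux, px, Px, cx, ix.
EXEC = re.compile(r"[uUpPcC]x|ix")

def parse_rules(text):
    """Return (path, mode) pairs; headers, comments and braces do not match."""
    matches = (RULE.match(line.strip()) for line in text.splitlines())
    return [(m.group("path"), m.group("mode")) for m in matches if m]

def audit(rules):
    """Apply three illustrative review heuristics (assumptions, not AppArmor's)."""
    findings = []
    for path, mode in rules:
        exec_modes = EXEC.findall(mode)      # e.g. "rmix" -> ["ix"]
        data_modes = EXEC.sub("", mode)      # e.g. "rmix" -> "rm"
        if "ux" in exec_modes or "Ux" in exec_modes:
            findings.append((path, "child process runs unconfined"))
        if exec_modes and "*" in path:
            findings.append((path, "execute transition granted on a glob"))
        if "w" in data_modes and "**" in path:
            findings.append((path, "write access on a recursive glob"))
    return findings

if __name__ == "__main__":
    for path, reason in audit(parse_rules(PROFILE)):
        print(f"{path}: {reason}")
```

Findings are prompts for manual review of the rule, not proof that the profile is wrong.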