AppArmor Sucks Less! (Linux+ Objective 2.5.2)
Вставка
- Опубліковано 29 вер 2024
- It's no secret I hate SELinux. But I don't mind AppArmor. It's a similar system installed on quite a few Linux distributions. I'm not qualified to compare the robust-ness of each system, but I can assure you AppArmor is less horrible to work with!
This video covers the basics of AppArmor, and then we actually create a blank profile for an application. We tweak that profile so it works. PLUS, the process doesn't make anyone want to murder anyone else. So, maybe it's not actually like SELinux. ;)
The CompTIA Linux+ objectives are available here: snar.co/plusob...
WAYS TO SUPPORT SHAWN
---------------------------------------------
Patreon: / shawnp0wers
Merch: store.nerdling...
SuperStickers, etc!
WAYS TO SUPPORT EACH OTHER
-------------------------------------------------------
1) Be Kind
2) Answer comments/questions here
3) Ask/Answer questions on our Discord: snar.co/discord
WAYS TO FIND SHAWN OTHER PLACES
----------------------------------------------------------------
Landing Page: shawnp0wers.com
#linux #comptia #security
This was very useful. Thank you.
There were two issues that I ran into:
1) I needed to installed "apparmor-easyprof" and "apparmor-utils" packages.
2) aa-logprof initially seg faulted. Doing a full update and upgrade fixes it.
if any one has an issue when executing "sudo aa-complain /usr/bin/man" and gets this error "sudo: aa-complain: command not found"
you can fix it buy installing apparmor-utils by running this command "sudo apt install apparmor-utils" and it will work just fine for you.
I can still use ss after enforcing the profile does anyone know why?
I did grsecurity rbac like 20 years ago, and this apparmour is way easier and actually looks useable
Anybody tried a "deny" rule in complain mode? Deny file read seems okay but deny file execution doesn't work for some reason.
edit: I created an issue on gitlab to ask this question. Devs said the apparmor 4.x will fix this error
It would be nice if AA only worked but instead it does nothing more than cripple you machine.
🤯🤯🤯🤯🤯 i can visit it twice or 3 times . for vidoes you have done , Apparmor and SELinux flushout my memory . But i like simplicity way you explain think.Thankes man🤝🤝🤝
Thank you! They can be so challenging, so I'm glad my explanation was understandable. :)
@@shawnp0wers very very very understandable, thus the reason why today i want to learn Linux+ because of you and you teach perfect Shawn
Great!
Thanks!
My pleasure!
Thank you for the great Linux+ video. 🎉 You are amazing 👏
Thank you again! I'm glad the videos are helpful. :)
Thank you very much. This is really a great playlist!
Thank you for the name drop and the great video.
Thank YOU for patiently hanging around! :D