# mkdir /etc/default/grub.d
# cat /etc/default/grub.d/apparmor.cfg
# Append the two kernel options that switch AppArmor on at boot, keeping
# whatever options GRUB_CMDLINE_LINUX_DEFAULT already holds.
# The change only applies after the GRUB config is regenerated and the
# machine is rebooted; check the result with aa-status.
GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_DEFAULT} apparmor=1 security=apparmor"
# update-grub
# init 6
# apt install apparmor
# aa-status
debian# apt install bind9
# ps axZ
# apt install apparmor-utils
# aa-unconfined
# apt install apparmor-profiles
# find /etc/apparmor.d/
# service apparmor teardown
# service apparmor restart
# ldd /bin/bash
# ldd /bin/cat
# ldd /usr/bin/file
# man file
# cat /etc/apparmor.d/usr.local.sbin.webd
# Hand-written AppArmor profile for /usr/local/sbin/webd.
# No abstractions are included, so the rules listed here are the whole
# policy: in enforce mode anything they do not match is denied.
/usr/local/sbin/webd {
# IPv4 (inet) stream sockets only, i.e. TCP. No other address family or
# socket type is granted by this profile.
network inet stream,
# Read access to the confined program file itself.
/usr/local/sbin/webd r,
# Disabled rule: while it stays commented out, webd may not execute
# /bin/bash.
# NOTE(review): presumably webd is a bash script and this rule is enabled
# when needed - confirm against the webd source.
# /bin/bash ix,
# "ix" = execute and inherit: the helper keeps running under this same
# profile, so it gains no access beyond the rules listed here.
/bin/cat ix,
/usr/bin/file ix,
# Magic databases read by file(1); read-only.
/etc/magic r,
/usr/share/file/magic.mgc r,
/usr/lib/file/magic.mgc r,
# "**" crosses directory boundaries: every file at any depth under
# /var/www is readable by webd. Keep credentials and other private files
# out of that tree.
/var/www/** r,
# Shared-library rules, all disabled. "mr" = read plus mmap with execute
# permission, which the dynamic loader needs for each library.
# Enable only the set that matches the machine's architecture.
# NOTE(review): with both sets commented out and no abstraction included,
# nothing in this profile lets the helpers map their libraries - confirm
# which set is meant to be active before enforcing.
# The trailing "*" is wider than the library named: "libc*" also matches
# every other library in that directory whose name starts with "libc".
### For i386 Debian/Ubuntu
# /lib/i386-linux-gnu/libz* mr,
# /lib/i386-linux-gnu/libtinfo* mr,
# /lib/i386-linux-gnu/libdl* mr,
# /lib/i386-linux-gnu/libc* mr,
# /usr/lib/libmagic* mr,
### For x86_64 Debian/Ubuntu
# /lib/x86_64-linux-gnu/libtinfo* mr,
# /lib/x86_64-linux-gnu/libdl* mr,
# /lib/x86_64-linux-gnu/libc* mr,
# /lib/x86_64-linux-gnu/libz* mr,
# /usr/lib/x86_64-linux-gnu/libmagic* mr,
}
# aa-complain /usr/local/sbin/webd
# find /etc/apparmor.d/ | grep webd
# aa-enforce /usr/local/sbin/webd
# tail -f /var/log/syslog | grep usr.local.sbin.webd
# tail -f /var/log/audit/audit.log | grep usr.local.sbin.webd
# aa-disable /usr/local/sbin/webd
# aa-genprof /usr/local/sbin/webd ...
# cat /etc/apparmor.d/usr.local.sbin.webd
# Last Modified: Fri Mar 30 06:29:37 2012
# Profile for /usr/local/sbin/webd as printed after the aa-genprof run.
# In AppArmor profile syntax a line that begins with "#include" is an
# include directive, not a comment; every such line below is active policy.
#include <tunables/global>
/usr/local/sbin/webd {
# Each abstraction pulls in rules from /etc/apparmor.d/abstractions/ that
# are not visible in this listing. The effective policy is those rules plus
# the explicit ones below, so review the abstraction files as well.
#include <abstractions/base>
#include <abstractions/bash>
# NOTE(review): apache2-common is written for Apache and is broader than
# the explicit rules here; it typically carries network and name-service
# rules. Read the file on the target system and confirm that webd needs
# everything it grants - TODO confirm.
#include <abstractions/apache2-common>
# Read access to the confined program file itself.
/usr/local/sbin/webd r,
# "ix" = execute and inherit: bash runs under this same profile, so
# commands it starts are still limited to the exec rules listed here.
/bin/bash ix,
# "rix" = read plus inherit-execute.
/bin/cat rix,
# Magic databases read by file(1); read-only.
/etc/magic r,
/usr/bin/file rix,
/usr/share/file/magic.mgc r,
# A single "*" does not cross "/": only files directly inside /var/www are
# readable, not files in its subdirectories. The hand-written profile on
# this page uses "/var/www/** r," (recursive) instead.
# NOTE(review): presumably this reflects only the paths touched while
# aa-genprof was recording - verify that it covers the intended content.
/var/www/* r,
# There is no explicit "network" rule in this profile; any socket access
# has to come from the included abstractions - confirm which one grants it.
}
# service apparmor restart