Linux Application Security - AppArmor

Protecting your Linux box

Post by Apurva » Wed Jul 05, 2006 4:49 pm

Hi,

Novell's SUSE Linux Enterprise Server ships with an Application Security application called AppArmor absolutely free of cost.

AppArmor offers the following features:

* Full integration. AppArmor is integrated with SUSE Linux Enterprise Server 9 SP3 and openSUSE.
* Seamless integration. SUSE Linux Enterprise Server from Novell, which now includes AppArmor, integrates easily with it.
* Easy deployment. AppArmor includes a full suite of console and YaST-based tools to help you develop, deploy and maintain application security policies.
* Powerful security. AppArmor protects the operating system, custom and third-party applications from both external and internal threats by enforcing appropriate application behavior.
* Reporting and alerting. Built-in features allow you to schedule detailed event reports and configure alerts based on user-defined events.
* Sub-process confinement. AppArmor allows you to define security policies for individual Perl and PHP scripts for tighter Web-server security.

The benefits include:

* Quickly and effectively secure Linux-based programs
* Protect business-critical Linux-based applications and services
* Enforce system and data integrity with preconfigured templates
* Reduce business risk
* Comply with government regulations
* Manage ongoing return on investment
* Reduce total cost of ownership
* Improve IT productivity
* Enjoy consistent manageability


More information can be obtained at http://www.novell.com/products/apparmor/ and you can download a free version from http://en.opensuse.org/Apparmor
Apurva
Lance Naik
 
Posts: 47
Joined: Wed Jul 05, 2006 4:01 pm
WLM: apurva1s@hotmail.com
Yahoo Messenger: apurva1s2000@yahoo.co.in

Re: Linux Application Security - Apparmour

Post by nomankhn » Thu Jul 06, 2006 9:55 am

Apurva wrote: Hi,

Novell's SUSE Linux Enterprise Server ships with an Application Security application called AppArmor absolutely free of cost.

AppArmor offers the following features:

* Full integration. AppArmor is integrated with SUSE Linux Enterprise Server 9 SP3 and openSUSE.
* Seamless integration. SUSE Linux Enterprise Server from Novell, which now includes AppArmor, integrates easily with it.
* Easy deployment. AppArmor includes a full suite of console and YaST-based tools to help you develop, deploy and maintain application security policies.
* Powerful security. AppArmor protects the operating system, custom and third-party applications from both external and internal threats by enforcing appropriate application behavior.
* Reporting and alerting. Built-in features allow you to schedule detailed event reports and configure alerts based on user-defined events.
* Sub-process confinement. AppArmor allows you to define security policies for individual Perl and PHP scripts for tighter Web-server security.

The benefits include:

* Quickly and effectively secure Linux-based programs
* Protect business-critical Linux-based applications and services
* Enforce system and data integrity with preconfigured templates
* Reduce business risk
* Comply with government regulations
* Manage ongoing return on investment
* Reduce total cost of ownership
* Improve IT productivity
* Enjoy consistent manageability


More information can be obtained at http://www.novell.com/products/apparmor/ and you can download a free version from http://en.opensuse.org/Apparmor


Dear,

Are they using iptables at the back, or something other than that?

Regards
Noman Liaquat Khanzada Rajput
Linux means productivity and fun.
NT means 'Not Today'.'XP' what else but 'Xtremely Painful.'
If Linux doesn't have the solution, you have the wrong problem
Linux is like a Red Indian tent: no Windows, no Gates, and an Apache inside!
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

apparmour

Post by Apurva » Thu Jul 06, 2006 6:43 pm

This will basically protect the http fork and protect the binary from hacking.

AppArmor tools identify the programs that need containment, capture application behavior in a "learning mode" and turn that behavior into security policy—all from a single graphical interface.
Apurva
Lance Naik
 
Posts: 47
Joined: Wed Jul 05, 2006 4:01 pm
WLM: apurva1s@hotmail.com
Yahoo Messenger: apurva1s2000@yahoo.co.in

Re: apparmour

Post by nomankhn » Fri Jul 07, 2006 9:29 am

Apurva wrote: This will basically protect the http fork and protect the binary from hacking.

AppArmor tools identify the programs that need containment, capture application behavior in a "learning mode" and turn that behavior into security policy—all from a single graphical interface.



Ok.


Regards
Noman Liaquat Khanzada Rajput
Linux means productivity and fun.
NT means 'Not Today'.'XP' what else but 'Xtremely Painful.'
If Linux doesn't have the solution, you have the wrong problem
Linux is like a Red Indian tent: no Windows, no Gates, and an Apache inside!
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by Apurva » Mon Jul 10, 2006 10:34 am

AppArmor compares against SELinux of Red Hat.
Apurva
Lance Naik
 
Posts: 47
Joined: Wed Jul 05, 2006 4:01 pm
WLM: apurva1s@hotmail.com
Yahoo Messenger: apurva1s2000@yahoo.co.in

Post by lambda » Mon Jul 10, 2006 10:58 am

Apurva wrote: AppArmor compares against SELinux of Red Hat.
se linux is available in many distributions; see http://selinux.sourceforge.net/. it is not a "redhat" thing.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Post by nomankhn » Tue Jul 11, 2006 9:16 am

lambda wrote:
Apurva wrote: AppArmor compares against SELinux of Red Hat.
se linux is available in many distributions; see http://selinux.sourceforge.net/. it is not a "redhat" thing.


You are right my brother lambda.

Regards
Noman Liaquat Khanzada Rajput
Linux means productivity and fun.
We all love Linux, but it's also a fact that some people might not be able to migrate.
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by Apurva » Tue Jul 11, 2006 11:30 am

Creating a policy in SE Linux:

Create a file at $SELINUX_SRC/domains/program/foo.te.
Put the daemon domain macro call in the file.
Create the file contexts file.
Put the first list of file contexts in file.fc.
Load the new policy with make load.
Label the foo files.
Start the daemon, service foo start.
Examine your audit log for denial messages.
Familiarize yourself with the errors the daemon is generating.
Use audit2allow to start the first round of policy rules.
Look to see if the foo_t domain tries to create a network socket.
Continue to iterate through the basic steps to generate all the rules you need.
If the domain tries to access port_t, which relates to tclass=tcp_socket or tclass=udp_socket in the AVC log message, you need to determine what port number foo needs to use.
Iterate through the remaining AVC denials. When they are resolved with new policy, you can configure the unique port requirements for the foo_t domain.
With the daemon started, determine which port foo is using.
Remove the generic port_t rule, replacing it with a specific rule for a new port type based on the foo_t domain.
Apurva
Lance Naik
 
Posts: 47
Joined: Wed Jul 05, 2006 4:01 pm
WLM: apurva1s@hotmail.com
Yahoo Messenger: apurva1s2000@yahoo.co.in
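
The audit-log steps in the post above (examine the AVC denials, draft first-round rules, spot the generic port_t access), as an added example that is not part of the original post and is not audit2allow itself. The log lines, the daemon name foo, its foo_t domain and port 8080 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit-log lines for a hypothetical daemon "foo".
SAMPLE_LOG = """\
type=AVC msg=audit(1152600001.101:41): avc:  denied  { read } for  pid=2345 comm="foo" name="foo.conf" dev=sda1 ino=1201 scontext=system_u:system_r:foo_t tcontext=system_u:object_r:etc_t tclass=file
type=AVC msg=audit(1152600001.102:42): avc:  denied  { getattr } for  pid=2345 comm="foo" name="foo.conf" dev=sda1 ino=1201 scontext=system_u:system_r:foo_t tcontext=system_u:object_r:etc_t tclass=file
type=AVC msg=audit(1152600002.310:43): avc:  denied  { create } for  pid=2345 comm="foo" scontext=system_u:system_r:foo_t tcontext=system_u:system_r:foo_t tclass=tcp_socket
type=AVC msg=audit(1152600002.312:44): avc:  denied  { name_bind } for  pid=2345 comm="foo" src=8080 scontext=system_u:system_r:foo_t tcontext=system_u:object_r:port_t tclass=tcp_socket
type=SYSCALL msg=audit(1152600002.312:44): arch=40000003 syscall=102 success=no exit=-13 comm="foo"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]+)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)
PORT_RE = re.compile(r"\b(?:src|dest)=(\d+)")

def se_type(context):
    # A context is user:role:type, optionally followed by an MLS level.
    return context.split(":")[2]

def summarize(log_text, domain="foo_t"):
    """Return (draft allow rules, port_t accesses) for one source domain."""
    rules = defaultdict(set)
    ports = set()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or se_type(m["scon"]) != domain:
            continue  # not an AVC denial, or a different domain
        ttype, tclass = se_type(m["tcon"]), m["tclass"]
        # Same source and target type is written as "self" in policy.
        target = "self" if ttype == domain else ttype
        rules[(target, tclass)].update(m["perms"].split())
        # Generic port_t access: record the port so a specific type can replace it.
        if ttype == "port_t" and tclass in ("tcp_socket", "udp_socket"):
            port = PORT_RE.search(line)
            if port:
                ports.add((tclass, int(port.group(1))))
    allow = [
        f"allow {domain} {t}:{c} {{ {' '.join(sorted(p))} }};"
        for (t, c), p in sorted(rules.items())
    ]
    return allow, sorted(ports)

if __name__ == "__main__":
    draft_rules, port_hits = summarize(SAMPLE_LOG)
    print("\n".join(draft_rules))
    print("port_t accesses to replace with a specific port type:", port_hits)
```

Treat the drafted rules as a review list rather than policy to load as-is: each one widens what foo_t may do, and the port_t line is the one the post says to replace with a port type specific to the daemon.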

