Working With AppArmor Profiles

Hands-On Lab

 

Photo of Bob Salmans

Bob Salmans

Security Training Architect I in Content

Length

00:30:00

Difficulty

Beginner

In this lab, we will be working with AppArmor profiles. We will edit an existing AppArmor profile as well as create a new profile.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Working With AppArmor Profiles

In this lab, we will edit an existing AppArmor profile as well as create a new profile.

Open a terminal, and log in to the cloud server using the provided credentials.

Change the dhclient AppArmor Profile to Complain Mode

  1. In order to make changes to AppArmor profiles, first we must install the apparmor-utils package with the following command:

    sudo apt-get install -y apparmor-utils
  2. In order to change the dhclient AppArmor profile to complain mode, run the following command:

    sudo aa-complain /sbin/dhclient
  3. Lastly, we must restart the AppArmor service for the changes to take effect:

    sudo systemctl reload apparmor.service

Create a New AppArmor Profile for Xtightvnc and Set Its Profile to Complain Mode

  1. To create a new AppArmor profile for Xtightvnc, run the following command:

    sudo aa-genprof Xtightvnc

    Then, press F to finish creating the profile.

  2. Next, set the new Xtightvnc AppArmor profile to complain mode:

    sudo aa-complain /usr/bin/Xtightvnc
  3. Lastly, we need to restart the AppArmor service for the changes to take effect:

    sudo systemctl reload apparmor.service

Conclusion

Congratulations on completing this hands-on lab!