Use of AppArmor

["Kevin Noble" <knoble () terremark com>]

AppArmor seems to work best with anything routine like protecting SFTP, SSH and other services. I admit that that it is 
ideal for lazy admins but once I understood how to use the tool, it became a early warning sysem and can tell you quite 
a bit about what an app needs to function, mostly through the  update profile wizard. Once you have applications 
profiled into production, it can tell you about anything strange.  On the frontier side you will observe apparmor 
events for anything unhandled.  It will tell you about any new and strange permissions you need for firefox for example 
when visiting questionable sites. You can use it as a very terrible tool for profiling malware strictly looking at 
permissions and limiting those permissions during execution.

A talk at blackhat confirmed that there is far more granular control, more then I care about a the moment.

-KNoble
Terremark
--------------------------
Sent via BlackBerry ;-)

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave