Dailydave mailing list archives
Use of AppArmor
From: "Kevin Noble" <knoble () terremark com>
Date: Mon, 15 Oct 2007 13:07:35 -0400
AppArmor seems to work best with anything routine like protecting SFTP, SSH and other services. I admit that that it is ideal for lazy admins but once I understood how to use the tool, it became a early warning sysem and can tell you quite a bit about what an app needs to function, mostly through the update profile wizard. Once you have applications profiled into production, it can tell you about anything strange. On the frontier side you will observe apparmor events for anything unhandled. It will tell you about any new and strange permissions you need for firefox for example when visiting questionable sites. You can use it as a very terrible tool for profiling malware strictly looking at permissions and limiting those permissions during execution. A talk at blackhat confirmed that there is far more granular control, more then I care about a the moment. -KNoble Terremark -------------------------- Sent via BlackBerry ;-)
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Use of AppArmor Kevin Noble (Oct 15)