-rw-r--r-- core/apparmor.html 19
-rw-r--r-- core/hardening.html 15
2 files changed, 24 insertions, 10 deletions
diff --git a/core/apparmor.html b/core/apparmor.html
index 2d9c117..ead3d0d 100644
--- a/core/apparmor.html
+++ b/core/apparmor.html
@@ -10,10 +10,21 @@
 
         <h1>2.2.1. AppArmor</h1>
 
-        <p>Install <a href="hardening.html">apparmor</a>, kernel
-        configuration is based on
-        <a href="reboot.html#linux">linux-gnu</a> kernel port, for 
-        manual configuration check <a href="linux.html">kernel linux</a>.</p>
+        <p>Check <a href="linux.html#configure">kernel configuration</a> or
+        use the provided with <a href="reboot.html#linux">linux-gnu</a> port 
+        to support apparmor. <a href="https://gitlab.com/apparmor/apparmor/wikis/home">AppArmor</a> enforce rules on applications based
+        on security policies. User space tools are provided by apparmor port
+        and its dependencies, install them;</p>
+
+        <pre>
+        $ sudo prt-get depinst apparmor
+        </pre>
+
+        <p>Enable apparmor on linux by command line, create /etc/default/grub;</p>
+
+        <pre>
+        GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor"
+        </pre>
 
         <a href="index.html">Core OS Index</a>
         <p>This is part of the c9 Manual.
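Review bot: The added step "Enable apparmor on linux by command line, create /etc/default/grub;" ends at the GRUB_CMDLINE_LINUX_DEFAULT line, so a reader who follows it has written a defaults file but nothing regenerates the GRUB configuration from it or confirms after reboot that the kernel came up with AppArmor active. Add the step that regenerates grub.cfg from this file and a check such as reading /sys/module/apparmor/parameters/enabled. Smaller points in the first added paragraph: "use the provided with linux-gnu port" is missing a noun (probably "the configuration provided with the linux-gnu port"), "AppArmor enforce rules" should be "enforces", and the sentences ending in ";" before each <pre> would read better ending in ":".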
diff --git a/core/hardening.html b/core/hardening.html
index 8c100b2..383f583 100644
--- a/core/hardening.html
+++ b/core/hardening.html
@@ -10,14 +10,17 @@
 
         <h1>2.2. Hardening</h1>
 
-        <p>Kernel <a href="ports/linux-gnu">linux-gnu</a> port have
-        <a href="apparmor.html">apparmor</a> default options. AppArmor
-        enforce rules on applications based on security policies.
-        User space tools are provided by apparmor port and its dependencies, 
-        install them;</p>
+        <p>Check <a href="apparmor.html">apparmor</a>,
+        <a href="sysctl.html">sysctl</a>, 
+        <a href="toolchain.html">toolchain</a> and
+        <a href="samhain.html">samhain</a> before running tests.</p>
+
+        <p>Mount some filesystems in read only</p>
+        <p>Check processes running as root</p>
+        <p>Check processes users premissions</p>
 
         <pre>
-        $ sudo prt-get depinst checksec lynis apparmor
+        $ sudo prt-get depinst checksec lynis
         </pre>
 
         <p>Lynis gives a view of system overall configuration, without changing
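Review bot: The three added paragraphs ("Mount some filesystems in read only", "Check processes running as root", "Check processes users premissions") are headings without content: none says which filesystems, which command lists the processes, or what a passing result looks like, and the last one misspells "permissions". Either fill them in or mark them as TODO so readers do not take them for completed steps. They also now sit directly above the <pre> with "prt-get depinst checksec lynis", and the removed "install them;" lead-in has no replacement, so the install command reads as if it belonged to the permissions check; add a sentence introducing checksec and lynis before the block.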