diff options
-rw-r--r-- | core/apparmor.html | 19 | ||||
-rw-r--r-- | core/hardening.html | 15 |
2 files changed, 24 insertions, 10 deletions
diff --git a/core/apparmor.html b/core/apparmor.html index 2d9c117..ead3d0d 100644 --- a/core/apparmor.html +++ b/core/apparmor.html @@ -10,10 +10,21 @@ <h1>2.2.1. AppArmor</h1> - <p>Install <a href="hardening.html">apparmor</a>, kernel - configuration is based on - <a href="reboot.html#linux">linux-gnu</a> kernel port, for - manual configuration check <a href="linux.html">kernel linux</a>.</p> + <p>Check <a href="linux.html#configure">kernel configuration</a> or + use the provided with <a href="reboot.html#linux">linux-gnu</a> port + to support apparmor. <a href="https://gitlab.com/apparmor/apparmor/wikis/home">AppArmor</a> enforce rules on applications based + on security policies. User space tools are provided by apparmor port + and its dependencies, install them;</p> + + <pre> + $ sudo prt-get depinst apparmor + </pre> + + <p>Enable apparmor on linux by command line, create /etc/default/grub;</p> + + <pre> + GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor" + </pre> <a href="index.html">Core OS Index</a> <p>This is part of the c9 Manual. diff --git a/core/hardening.html b/core/hardening.html index 8c100b2..383f583 100644 --- a/core/hardening.html +++ b/core/hardening.html @@ -10,14 +10,17 @@ <h1>2.2. Hardening</h1> - <p>Kernel <a href="ports/linux-gnu">linux-gnu</a> port have - <a href="apparmor.html">apparmor</a> default options. AppArmor - enforce rules on applications based on security policies. - User space tools are provided by apparmor port and its dependencies, - install them;</p> + <p>Check <a href="apparmor.html">apparmor</a>, + <a href="sysctl.html">sysctl</a>, + <a href="toolchain.html">toolchain</a> and + <a href="samhain.html">samhain</a> before running tests.</p> + + <p>Mount some filesystems in read only</p> + <p>Check processes running as root</p> + <p>Check processes users premissions</p> <pre> - $ sudo prt-get depinst checksec lynis apparmor + $ sudo prt-get depinst checksec lynis </pre> <p>Lynis gives a view of system overall configuration, without changing |