From da2e0152f834b5e5076aa6b55662b0511298827d Mon Sep 17 00:00:00 2001 From: Silvino Silva Date: Tue, 3 Apr 2018 23:23:05 +0100 Subject: apparmor and hardening revision --- core/apparmor.html | 19 +++++++++++++++---- core/hardening.html | 15 +++++++++------ 2 files changed, 24 insertions(+), 10 deletions(-) (limited to 'core') diff --git a/core/apparmor.html b/core/apparmor.html index 2d9c117..ead3d0d 100644 --- a/core/apparmor.html +++ b/core/apparmor.html @@ -10,10 +10,21 @@

2.2.1. AppArmor

-

Install apparmor, kernel - configuration is based on - linux-gnu kernel port, for - manual configuration check kernel linux.

+

Check kernel configuration or + use the provided with linux-gnu port + to support apparmor. AppArmor enforce rules on applications based + on security policies. User space tools are provided by apparmor port + and its dependencies, install them;

+ +
+        $ sudo prt-get depinst apparmor
+        
+ +

Enable apparmor on linux by command line, create /etc/default/grub;

+ +
+        GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor"
+        
Core OS Index

This is part of the c9 Manual. diff --git a/core/hardening.html b/core/hardening.html index 8c100b2..383f583 100644 --- a/core/hardening.html +++ b/core/hardening.html @@ -10,14 +10,17 @@

2.2. Hardening

-

Kernel linux-gnu port have - apparmor default options. AppArmor - enforce rules on applications based on security policies. - User space tools are provided by apparmor port and its dependencies, - install them;

+

Check apparmor, + sysctl, + toolchain and + samhain before running tests.

+ +

Mount some filesystems in read only

+

Check processes running as root

+

Check processes users premissions

-        $ sudo prt-get depinst checksec lynis apparmor
+        $ sudo prt-get depinst checksec lynis
         

Lynis gives a view of system overall configuration, without changing -- cgit 1.4.1-2-gfad0