AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies, called profiles, completely define what system resources individual applications can access, and with what privileges. A number of default profiles are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor profiles for even very complex applications can be deployed successfully in a matter of hours.
This talk gives an introduction to AppArmor. I'll show the AppArmor tools to create and update profiles and also explain the profile syntax so that you can understand and manually edit profiles. I'll also show some advanced usage - securing a typical webserver, setting up read-only root access to do backups and how to (ab)use AppArmor for debugging.
URLs: http://wiki.apparmor.net/index.php/Main_Page (upstream AppArmor wiki) http://blog.cboltz.de/uploads/osc12/apparmor-english-2012-v2.pdf (slides from 2012, most of them still valid)