Novell® AppArmor is designed to provide easy-to-use application security for both servers and workstations. Novell AppArmor is an access control system that lets you specify per program which files the program may read, write, and execute. AppArmor secures applications by enforcing good application behavior without relying on attack signatures, so it can prevent attacks even if they are exploiting previously unknown vulnerabilities.
Novell AppArmor consists of:
A library of AppArmor profiles for common Linux* applications describing what files the program needs to access.
A library of AppArmor profile foundation classes (profile building blocks) needed for common application activities, such as DNS lookup and user authentication.
A tool suite for developing and enhancing AppArmor profiles, so that you can change the existing profiles to suit your needs and create new profiles for your own local and custom applications.
Several specially modified applications that are AppArmor enabled to provide enhanced security in the form of unique subprocess confinement, including Apache and Tomcat.
The Novell AppArmor–loadable kernel module and associated control scripts to enforce AppArmor policies on your openSUSE® system.
This guide covers the following topics:
Describes the operation of Novell AppArmor and the types of programs that should have Novell AppArmor profiles created for them.
Introduces the profile components and syntax.
Describes how to use the AppArmor YaST modules to build, maintain and update profiles.
Describes how to use the AppArmor command line tools to build, maintain and update profiles.
Enables you to create subprofiles for the Apache Web server that allow you to tightly confine small sections of Web application processing.
Describes how to perform Novell AppArmor profile maintenance, which involves tracking common issues and concerns.
Indicates support options for this product.
Provides a list of terms and their definitions.
Many chapters in this manual contain links to additional documentation resources. This includes additional documentation that is available on the system as well as documentation available on the Internet.
For an overview of the documentation available for your product and the latest documentation updates, refer to http://www.novell.com/documentation/apparmor.
Several channels are available for feedback:
To report bugs for a product component or to submit enhancement requests, use https://bugzilla.novell.com/. If you are new to Bugzilla, the article Submitting Bug Reports at http://en.opensuse.org/Submitting_Bug_Reports may be useful. Frequently asked questions (FAQs) about bug reporting are available at http://en.opensuse.org/Bug_Reporting_FAQ.
We welcome your comments, suggestions and ideas about this manual and the other documentation for this product. Please use the User Comments feature at the bottom of each page of the online documentation to enter your comments.