by Christian Boltz

Christian Boltz is a long-term openSUSE contributor, starting with lots of bugreports in the time when it was still named 'SUSE Linux". Nowadays, he also maintains the AppArmor and PostfixAdmin package, including lots of upstream contributions to those projects.

AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies, called profiles, completely define what system resources individual applications can access, and with what privileges. A number of default profiles are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor profiles for even very complex applications can be deployed successfully in a matter of hours.

This talk gives an introduction to AppArmor. I'll show the AppArmor tools to create and update profiles and also explain the profile syntax so that you can understand and manually edit profiles. I'll also show some advanced usage - securing a typical webserver, setting up read-only root access to do backups and how to (ab)use AppArmor for debugging.

Slides (PDF)

2016 June 24 10:00
1 h
openSUSE Conference 2016
Technology & Development