Secure Ubuntu 24.04 with AppArmor – Complete Setup Tutorial
In this guide, you will learn a complete setup tutorial to Secure Ubuntu 24.04 with AppArmor. AppArmor which stands for Application Armor is a Linux Kernel security module. It is used to increase the security of the operating system by limiting the access that applications have to the system’s resources. Also, it uses profiles to define the restrictions for each application.
AppArmor acts in two modes which are:
Enforcement Mode: Actively enforces the restrictions defined in the profiles.Complain Mode: Logs policy violations without enforcing them. It is useful for testing and refining profiles.
Now follow the steps below to Secure Ubuntu 24.04 with AppArmor.
Easily Learn to Secure Ubuntu 24.04 with AppArmor
By default, AppArmor comes pre-installed on Ubuntu 24.04 and can be easily enabled and configured. You must log in to your Ubuntu 24.04 as a root or a non-root user with sudo privileges. To create a sudo user, you can check this guide on Create a Sudo User on Ubuntu 24.04 From Terminal.
Step 1 – Enabling and Checking AppArmor Status on Ubuntu 24.04
As we said, AppArmor is installed by default on Ubuntu 24.04 and must be enabled. To verify AppArmor is enabled, you can run the following command:
cat /sys/module/apparmor/parameters/enabled
In your output, you should get Y which means your AppArmor is enabled. But, if you don’t get the Y output, you can easily enable AppArmor using the Linux kernel command line in the bootloader. To do this, run the following commands:
# sudo mkdir -p /etc/default/grub.d
# echo ‘GRUB_CMDLINE_LINUX_DEFAULT=”$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor”‘
| sudo tee /etc/default/grub.d/apparmor.cfg
# sudo update-grub
# sudo reboot
At this point, you can check your current AppArmor profile status for each app on Ubuntu 24.04. To do this, run the following command:
sudo aa-status
In your output, you will see something similar to this:
As you can see from the output, 134 profiles are loaded and 45 profiles are in enforce mode.
Step 2 – Change AppArmor Profile Modes on Ubuntu 24.04
In this step of Secure Ubuntu 24.04 with AppArmor, if you plan to change your profile modes, you can easily follow the steps below.
To set your profile to complain mode, you can use the following command:
sudo aa-complain your-profile
For example, to set the /usr/bin/man profile to the complain mode, you can run the command below:
sudo aa-complain /usr/bin/man
To set your profile to enforce mode, you can easily use the following command:
sudo aa-enforce your-profile
For example, to set the /usr/bin/man profile to the enforce mode, you can run the command below:
sudo aa-enforce /usr/bin/man
Also, you can modify changes to all profiles. You can set all profiles to enforce or complain mode. To do this, you can use the following commands:
sudo aa-complain /etc/apparmor.d/* #complain-mode
sudo aa-enforce /etc/apparmor.d/* #enforce-mode
Note: If you get any command not found error with AppArmor commands, you must install the AppArmor Utils to fix it. To do this, run the following command:
sudo apt install apparmor-utilsStep 3 – How To Create a New Profile with AppArmor on Ubuntu 24.04?
In this step of setup to secure Ubuntu 24.04 with AppArmor, you will learn to create a new profile. First, you must find the applications that need security they haven’t any profile in AppArmor. For this purpose, you can run the following command:
sudo aa-unconfined
In your output, you will see something similar to this:
Once you find the applications that are not confined, you can use the following command to create a profile for them:
sudo aa-genprof unconfined-app
It will start to create your profile. During the process, press F to finish your setup. By default, it will created as the enforce mode. You can easily change the profile mode like the previous step.
Next, you must reload your AppArmor service to apply the changes:
sudo systemctl reload apparmor.service
At this point, you have learned to Secure Ubuntu 24.04 with AppArmor, let’s see how you can delete a profile and disable AppArmor.
Step 4 – Delete a Profile and Disable AppArmor on Ubuntu 24.04
If you plan to delete a profile from AppArmor, you can navigate to your AppArmor directory with the command below:
cd /etc/apparmor.d/
Then, display all profiles by using the command below:
ls
Now you can easily use the command below to delete an AppArmor profile on Ubuntu 24.04:
rm your-desired profile
If you want to disable your AppArmor service, you can stop the service and disable it by using the following commands:
# sudo systemctl stop apparmor
# sudo systemctl disable apparmor
Also, you can remove the AppArmor completely from your server with the command below:
sudo apt remove –assume-yes –purge apparmor
That’s it, you are done. To get more information, you can visit the official Ubuntu website.
Conclusion
At this point, you have learned to Secure Ubuntu 24.04 with AppArmor. You can easily enable AppArmor, change the profile modes, and create a new profile for unconfined applications. This will help you to increase your system security and reduce potential attacks. Hope you enjoy using it.
Also, you may interested in the following articles:
UFW Firewall Setup on Ubuntu 24.04
Install and Use Metasploit on Ubuntu 22.04
Set up AIDE on Ubuntu 22.04