AppArmor Basics for Sysadmins

Photo by Henry Hustava / Unsplash

Welcome to the mini-series on AppArmor basics. AppArmor is a very old kernel-level program resource confining technology that can be used to enforce the access controls and log the violations for further incident response. It is used to prevent the application (instead of users) from accessing authorised resources. In my recent series on Linux privilege escalation, I have introduced MAC access control. In this series, you will learn how to work with it and the common misconfigurations that could lead to privilege escalations in the system.

Pre-requisite Knowledge

Requirements

  • Paid account of PentesterAcademy to practice the labs
  • The latest version of chrome or firefox

Topics

  1. Understanding AppArmor Kernel Enhancement
  2. Disallowing CAP_NET_RAW Capability for Root User using AppArmor
  3. Writing AppArmor Profile from Scratch
  4. Confining Resources inside Docker Containers with AppArmor
  5. Abusing Common Misconfigurations on the System to Escalate Privileges