Details
AppArmor profiles define what resources applications are able to access.
Rationale:
Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure that any policies that exist on the system are activated.
Solution
Run one of the following commands to set all profiles to either enforce OR complain mode
Run the following command to set all profiles to enforce mode:
# aa-enforce /etc/apparmor.d/*
Run the following command to set all profiles to complain mode:
# aa-complain /etc/apparmor.d/*
Run the following command to list unconfined processes:
# aa-unconfined
Any unconfined processes may need to have a profile created or activated for them and then be restarted.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.