Details
Configure AppArmor to be enabled at boot time and verify that it has not been overwritten by the bootloader boot parameters.
Rationale:
AppArmor must be enabled at boot time in your bootloader configuration to ensure that the controls it provides are not overridden.
Solution
edit /etc/default/grub and add the appermor=1 and security=apparmor parameters to the GRUB_CMDLINE_LINUX= line
GRUB_CMDLINE_LINUX=’apparmor=1 security=apparmor’
update the grub configuration
# update-grub
Notes:
This recommendation is designed around the grub bootloader, if LILO or another bootloader is in use in your environment enact equivalent settings.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.