Ensure AppArmor is not disabled in bootloader configuration

Details

Configure AppArmor to be enabled at boot time and verify that it has not been overwritten by the bootloader boot parameters. AppArmor must be enabled at boot time in your bootloader configuration to ensure that the controls it provides are not overridden.

Solution

Edit /boot/grub/menu.lst and remove all instances of apparmor=0 on all kernel lines.

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/1864https://workbench.cisecurity.org/files/1864

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

800-53|AC-3(3)
CSCv6|14.4

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles