Details

AppArmor profiles define what resources applications are able to access. Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure that any policies that exist on the system are activated.

NOTE – Apparmor does not appear to be installed.

Solution

Run the following command to set all profiles to enforce mode: # enforce /etc/apparmor.d/* Any unconfined processes may need to have a profile created or activated for them and then be restarted.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/1864https://workbench.cisecurity.org/files/1864

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

• 800-53|AC-3(3)
• CSCv6|14.4

Source

• Tenable.com/audits