🐧 Linux AppArmor Labs

🚧 Under Construction!!

🎯 Objective

Learn how AppArmor profiles work, how to inspect and apply them, and how to debug blocked actions on a real Linux system.


🧰 Prerequisites

  • Linux system with AppArmor support (Ubuntu, Debian, openSUSE)

  • Root or sudo access

  • Tools: apparmor-utils, auditd

Install required packages

sudo apt update
sudo apt install apparmor-utils auditd

Confirm AppArmor is enabled

sudo aa-status

✅ Expected Output:

apparmor module is loaded.
171 profiles are loaded.
76 profiles are in enforce mode.
<...>

🔹 Lab 1: View Active AppArmor Profiles

✅ Shows which profiles are loaded, in enforce or complain mode.


🔹 Lab 2: Put an Application in Complain Mode

Step 1: Switch a known app to complain mode

Step 2: Run the app and view logs

✅ Logs show actions that would be denied in enforce mode.


🔹 Lab 3: Enforce a Profile and Trigger a Denial

Step 1: Switch to enforce mode

Step 2: Trigger restricted behavior

❌ Expected: Access denied or failure due to enforced policy.


🔹 Lab 4: Write and Load a Custom Profile

Step 1: Create a test script

Step 2: Run it once (it should succeed with sudo)

Step 3: Generate a new profile

✅ Use guided prompts to define rules (deny reading /etc/shadow).


🔹 Lab 5: View and Edit AppArmor Profiles

Profiles live in:

✅ Profiles are human-readable and easily editable.


🔹 Lab 6: Monitor and Audit Denials

✅ Provides detailed trace of blocked actions.
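
Added example (not part of the original lab): a shell function that condenses AppArmor audit events into one row per distinct event, so complain-mode hits from Lab 2 (`ALLOWED`) and enforce-mode blocks from Labs 3 and 6 (`DENIED`) can be compared side by side. The log lines are constructed samples and the profile name `/usr/local/bin/aa-lab-test.sh` is a hypothetical lab script.

```shell
#!/usr/bin/env bash
# Constructed sample audit lines (not captured from a real host).
# The profile name /usr/local/bin/aa-lab-test.sh is a hypothetical lab script.
SAMPLE_LOG=$(cat <<'EOF'
type=AVC msg=audit(1700000001.101:501): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/local/bin/aa-lab-test.sh" pid=4090 comm="apparmor_parser"
type=AVC msg=audit(1700000002.210:502): apparmor="ALLOWED" operation="open" profile="/usr/local/bin/aa-lab-test.sh" name="/etc/hostname" pid=4101 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1700000003.330:503): apparmor="DENIED" operation="open" profile="/usr/local/bin/aa-lab-test.sh" name="/etc/shadow" pid=4110 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=USER_AUTH msg=audit(1700000004.000:504): pid=4120 uid=0 msg='op=PAM:authentication acct="lab" res=success'
type=AVC msg=audit(1700000005.450:505): apparmor="DENIED" operation="open" profile="/usr/local/bin/aa-lab-test.sh" name="/etc/shadow" pid=4131 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1700000006.570:506): apparmor="DENIED" operation="mknod" profile="/usr/local/bin/aa-lab-test.sh" name="/tmp/out.txt" pid=4140 comm="aa-lab-test.sh" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
EOF
)

# Read audit or kernel log lines on stdin; print one tab-separated row per
# distinct event: count, verdict, profile, operation, target, denied_mask.
# With auditd running, real input is typically /var/log/audit/audit.log.
aa_summarize() {
  awk '
    # Return the value of key="value" in the current line, or "-" if absent.
    function field(key,    re, v) {
      re = "(^| )" key "=\"[^\"]*\""
      if (!match($0, re)) return "-"
      v = substr($0, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", v)   # drop everything up to the opening quote
      sub(/"$/, "", v)        # drop the closing quote
      return v
    }
    # ALLOWED = complain-mode hit, DENIED = enforce-mode block.
    # STATUS (profile load) and non-AppArmor records are skipped.
    /apparmor="(DENIED|ALLOWED)"/ {
      seen[field("apparmor") "\t" field("profile") "\t" field("operation") "\t" field("name") "\t" field("denied_mask")]++
    }
    END { for (k in seen) printf "%d\t%s\n", seen[k], k }
  ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2
}

# Demo run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | aa_summarize
```

Repeated rows with the same profile, target and mask are the ones to resolve first, either by adding a rule to the profile or by confirming the block is intended.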


✅ Wrap-Up

  • You listed and managed AppArmor profiles.

  • You enforced and monitored application restrictions.

  • You created and tested a custom policy.

  • You audited real-world access denials.

