12.1 Ensure the AppArmor Framework Is Enabled

Information

AppArmor is a Linux kernel security module that provides name-based mandatory access control with security policies. AppArmor can enforce rules on programs for file access and network connections and restrict actions based on defined policies.

Rationale:

Web applications and web services continue to be one of the leading attack vectors for criminals to gain access to information and servers. The threat is high because web servers are often externally accessible and typically have the greatest share of server-side vulnerabilities. The AppArmor mandatory access controls provide a much stronger security model, which can be used to implement a deny-by-default policy that allows only what is explicitly permitted.

Solution

Perform the following to implement the recommended state:

1. If the 'aa-status' command is not found, the AppArmor package is not installed and needs to be installed using the package manager of the Linux distribution. For example:

# apt-get install apparmor
# apt-get install libapache2-mod-apparmor

2. To enable the AppArmor framework, run the 'init.d' script as shown below.

# /etc/init.d/apparmor start
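
The script below is an added example, not part of the benchmark: it verifies the outcome of the two steps above by reading the kernel's AppArmor state from sysfs and securityfs. The function names, the state strings, the `--audit` switch and the optional root-prefix argument (for checking a mounted image or a test tree) are assumptions of this example.

```sh
#!/bin/sh
# Added audit example, not part of the benchmark text.
# The ROOT prefix argument is an assumption of this example: it lets the same
# checks run against a mounted image or a constructed test tree ("" = live host).

# profile_count ROOT MODE -> number of loaded profiles in MODE (enforce|complain).
# Each line of the profiles file reads "<profile name> (<mode>)".
# securityfs files report size 0, so count matching lines instead of testing size.
profile_count() {
    n=$(grep -c "($2)\$" "$1/sys/kernel/security/apparmor/profiles" 2>/dev/null) || n=0
    echo "$n"
}

# apparmor_state ROOT -> prints the state; returns 0 only when the module is
# enabled and at least one profile is loaded in enforce mode. Complain mode
# only logs violations, so it does not count as enforcement here.
apparmor_state() {
    param="$1/sys/module/apparmor/parameters/enabled"
    if [ ! -r "$param" ]; then
        echo "module-not-loaded"; return 1
    fi
    if [ "$(cat "$param")" != "Y" ]; then
        echo "module-disabled"; return 1
    fi
    if [ "$(profile_count "$1" enforce)" -eq 0 ]; then
        echo "enabled-no-enforcing-profiles"; return 1
    fi
    echo "enabled"
}

# Live audit: run as root so the profiles file is readable, e.g.
#   sh check_apparmor.sh --audit
if [ "${1:-}" = "--audit" ]; then
    command -v aa-status >/dev/null 2>&1 ||
        echo "aa-status not found: AppArmor package is not installed"
    apparmor_state "${2:-}"
    exit $?
fi
```

A non-zero exit status from `--audit` means one of the two steps has not taken effect; the printed state says which.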

See Also

https://workbench.cisecurity.org/files/2020

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CSCv6|2.2

Plugin: Unix

Control ID: a42a21ce8610ff61827dd85870654f19424040ab9975edba65cbff8f3d44b26e