1.6.2.2 Ensure all AppArmor Profiles are enforcing

Information

AppArmor profiles define what resources applications are able to access. Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure that any policies that exist on the system are activated.

NOTE - Apparmor does not appear to be installed.

Solution

Run the following command to set all profiles to enforce mode: # enforce /etc/apparmor.d/* Any unconfined processes may need to have a profile created or activated for them and then be restarted.

See Also

https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_11_Benchmark_v2.0.0.pdf