About This Guide
Novell® AppArmor is designed to provide easy-to-use application security for both
servers and workstations. Novell AppArmor is an access control system that lets you
specify per program which files the program may read, write, and execute. AppArmor
secures applications by enforcing good application behavior without relying on attack
signatures, so it can prevent attacks even if they exploit previously unknown
vulnerabilities.
Novell AppArmor consists of:
• A library of AppArmor profiles for common Linux* applications describing what
files the program needs to access.
• A library of AppArmor profile foundation classes (profile building blocks) needed
for common application activities, such as DNS lookup and user authentication.
• A tool suite for developing and enhancing AppArmor profiles, so that you can
change the existing profiles to suit your needs and create new profiles for your own
local and custom applications.
• Several specially modified applications that are AppArmor enabled to provide
enhanced security in the form of unique subprocess confinement, including Apache
and Tomcat.
• The Novell AppArmor loadable kernel module and associated control scripts to
enforce AppArmor policies on your openSUSE™ system.
This guide covers the following topics:
Immunizing Programs
Describes the operation of Novell AppArmor and the types of programs
that should have Novell AppArmor profiles created for them.
Profile Components and Syntax
Introduces the profile components and syntax.
Building and Managing Profiles With YaST
Describes how to use the AppArmor YaST modules to build, maintain and update
profiles.