OggS ]&OpusHead8 OggS 2<OpusTags Lavf56.40.101 language=eng handler_name=SoundHandler encoder=Lavc56.60.100 libopus major_brand=isom minor_version=512" compatible_brands=isomiso2avc1mp41 author=Christian Boltz genre=Long Talk title=AppArmor Crash CourseT copyright=Licensed to the public under http://creativecommons.org/licenses/by-sa/4.0 album=openSUSE Conference 2016 description=AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies, called profiles, completely define what system resources individual applications can access, and with what privileges. A number of default profiles are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor profiles for even very complex applications can be deployed successfully in a matter of hours.
This talk gives an introduction to AppArmor. I'll show the AppArmor tools to create and update profiles and also explain the profile syntax so that you can understand and manually edit profiles. I'll also show some advanced usage - securing a typical webserver, setting up read-only root access to do backups and how to (ab)use AppArmor for debugging. artist=Christian BoltzOggS
G9q"!-d<Pk}Gp6\*ds;uLԣUKd.aBjU~ܑpTv_0s^)H@)/KVyhqᲔbE4addeHtyKK9wB ޠDQXyB;9e'KqRݿi$KkB57Yif9Og;l;c9ѯIO)VqM̝R
nG{oTfP&2?
%^ c!ۓۓaU|6""ރ #Ly +I1@1MJ:9&m_͚ ~̗Q?FϯxQΊ
^*F5Hn:y6N_mipl4M`UuTcmGKL%H~ 9 .)㚿5\(BE*⿆N==D{eBrմ:uOO)̵TǶJ!CQ`|"j
{d
?q/Ӌʑǩ Mԗ0e
þXϛ6iJQ09)A55K8SG @7eG`փ (m|t2gFn=dOشTPتdћiڪZ#i`Yd}zP]}NkMEbTs пtrP5Q(.s[]ZiEHg˻
$<E#x?8mLo|}&MwL';x**~[OK%fGU
FP(0A(y|?g~cθ8Eɱ$$ǻ/)^o;.fIW)QMA#D]7_ ">GJ"wx~/vk7hOLdMձ}MDDh{:vʸomgU `14E&a٪OCf2!GZ3Pa=Z ]"tUǬNB[D=
n̢͐BS3 QTǂB&XH :Kf`D4n,]gPI뼠Q<:jtj'Ǚ#7 C 8a2KR%/
>N
Y- vg6A)-Ɨch4
sr`ģVt ?[
Aiw+A9JE
@R{?`$Ӑ7- {+MG %
b0er[1I';P2NΑpbݗbaV3yz"LyO&r,ʘrwgΩ$ܮb;7!2Xk[K17(
Q5S;-j,c]EX
:-ڔ1lgem+G{$4C|-mXY
F
;[^"؎︗ư/W7 lQs_CGՎ엛Y:
}'Fa滓)3`c\CqwOp)tD1^n!"\"q$dT\*Y?n89uj1][/'v
O!y칓J͐ "B\h|S2Ȍ *|(㪈dHn*֚6kI'ؽtXZG8 >)o`[Ya!7b,fMRJc l}po( Ofa}*K;s<ϩxsj:~RZ._(.鹬"RTC|_֟wh
/A3 1z#7~R߀_:
?
HWvFm9F^{V6_,[d}o̽d
Xw,v#ueJU$$̄xP":X=Vi4%DQڤFsq45(mT*
'6
SVR8TQC)}ZZK9?TA6)'Vi l>"6*ge$A%1m
l'3!3I|v"v6ݎi+?)+/ H >"92DhIQ%"hcR\JtԚ$Z\Y\Ѩan"남t2F\H y0P$p`5L6[,|6uqj~?nI
\c&9ДNȸrFYƋ̨%L4OeߓiÝJŮغmUO X:TL~^g*aPء伏y7"vFxrဟi