Enable AppArmor or SELinux on Ubuntu 16.04 LTS

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Eddie_Paul_Litz
    PCHF Member
    • Jan 2017
    • 458
    #1

    Enable AppArmor or SELinux on Ubuntu 16.04 LTS

    On Ubuntu 16.04, how do I enable AppArmor or SELinux? It’s not in the Ubuntu App Store it won’t even work in Terminal. How do I enable one of them?
    Tags: None
    • veeg
      PCHF Director
      • Jul 2016
      • 8982
      #2
      Hello Eddie

      Hopefully some of our members will chime in soon..

      jmarket @Twitch6000

        Comment

        • veeg
          PCHF Director
          • Jul 2016
          • 8982
          #3
          Sorry for the no replies.

          jmarket @Rustys @gus @Bruce

            Comment

            • Bruce
              PCHF Moderator
              • Oct 2017
              • 10702
              #4
              Sorry, @vger, my Linux skills are that good.

                Comment

                • plodr
                  PCHF Member
                  • Aug 2016
                  • 1021
                  #5
                  I don’t run Ubuntu.

                  AppArmor is enabled by default.
                  Source: AppArmor - Ubuntu Wiki
                  AppArmor support was first introduced in Ubuntu 7.04, and is turned on by default in Ubuntu 7.10 and later.
                  Pages for 16.04
                  Ubuntu Manpage: AppArmor - kernel enhancement to confine programs to a limited set of resources.
                  Ubuntu Manpage: apparmor.d - syntax of security profiles for AppArmor.

                    Comment

                    • jmarket
                      PCHF Owner
                      • Jan 2015
                      • 7634
                      #6
                      You can not use AppArmor and SELinux together. It’s one or the other.

                      AppArmor is enabled by default on kernels 2.6.36 and later. SELinux has to be manually installed.

                      If you wish to do so, you may follow the below instructions at your OWN RISK. I or anyone at PCHF assumes no responsibility for what may happen.
                      1. Stop the AppArmor script in /etc/init.d/

                      [ICODE]sudo /etc/init.d/apparmor stop[/ICODE]
                      1. Purge AppArmor from the system.

                      [ICODE] sudo apt purge apparmor[/ICODE]
                      If you want to keep AppArmor’s config files, use the below command instead:
                      [ICODE]sudo apt remove apparmor[/ICODE]
                      1. Update and reboot your system

                      Code:
                      sudo apt update && upgrade -yuf
sudo reboot
                      1. Install SELinux

                      Code:
                      sudo apt install selinux
sudo reboot
                      1. You can determine whether or not SELinux is enforcing security on your system by trying to set SELinux to enforcing mode.

                      Code:
                      pchf@ubuntu:~# sudo setenforce 1
pchf@ubuntu:~# sudo getenforce
Enforcing
                      1. To maintain enforcing mode after reboot, modify the SELinux configuration file in /etc/selinux/config from the default SELINUX=permissive to SELINUX=enforcing

                      Code:
                      # This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing

                        Comment

                        • veeg
                          PCHF Director
                          • Jul 2016
                          • 8982
                          #7
                          Any updates for us?

                            Comment

                            • Eddie_Paul_Litz
                              PCHF Member
                              • Jan 2017
                              • 458
                              #8
                              None that I can think of.

                                Comment

                                • veeg
                                  PCHF Director
                                  • Jul 2016
                                  • 8982
                                  #9
                                  So Eddie did you get what you needed from JM’s last post,if yes what was the result?

                                    Comment

                                    • Eddie_Paul_Litz
                                      PCHF Member
                                      • Jan 2017
                                      • 458
                                      #10
                                      It seemed like AppArmor was already running by default so I decided to leave it as it is when I installed Ubuntu.

                                        Comment

                                        Previous template Next
                                        Working...

                                          We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

                                          By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

                                          I Agree