Working With AppArmor Profiles

In this lab, we will be working with AppArmor profiles. We will edit an existing AppArmor profile as well as create a new profile.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Change the dhclient AppArmor profile to complain mode.

Note: Please wait about 6 minutes to allow the server to finish provisioning before connecting via ssh.

In order to make changes to AppArmor profiles, first we must install the apparmor-utils package with the following command:
```
sudo apt-get install -y apparmor-utils
```
In order to change the dhclient AppArmor profile to complain mode, run the following command:
```
sudo aa-complain /sbin/dhclient
```
Lastly, we must restart the AppArmor service for the changes to take effect:
```
sudo systemctl reload apparmor.service
```

Create a new AppArmor profile for Xtightvnc and set its profile to complain mode.

To create a new AppArmor profile for Xtightvnc, run the following command:
```
sudo aa-genprof Xtightvnc
```
Then, press F to finish creating the profile.
Next, set the new Xtightvnc AppArmor profile to complain mode:
```
sudo aa-complain /usr/bin/Xtightvnc
```
Lastly, we need to restart the AppArmor service for the changes to take effect:
```
sudo systemctl reload apparmor.service
```

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Working With AppArmor Profiles

About this Hands-on Lab

Learning Objectives

Additional Resources

What are Hands-on Labs

Newsletter