How to enable AppArmor

From PeerFreedom Wiki
Jump to navigation Jump to search

On newer Debian version (Buster or newer) AppArmor should be enabled by default. You can check that by running command:

$ aa-enabled

If output says Yes you are good to go.



Otherwise, or if you want to enable additional profiles proceed as follows:

1. Install necessary packages:

# apt-get install apparmor apparmor-utils apparmor-profiles apparmor-profiles-extra auditd audispd-plugins

2. Edit and update your bootloader to provide apparmor=1 security=apparmor options to your kernel.

For example in GRUB you must add them to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub and then run:

# update-grub

3. Reboot your system.

4. Check if it is enabled by running:

$ aa-enabled