apparmor

Mandatory Access Control System in Linux KernelAppArmorBecause I recently studied the implementation of the OJ (oline judge) Background security module, I have been studying the sandbox in Linux and found that Apparmor can provide access control.AppArmor (Application Armor) is a security module of the Linux kernel. AppArmor allows the system administrator to associate each program with a security configurat

fact was that we had Facebook. What we are doing with computers today may be the dream of people more than 40 years ago, even though we still rely on operating systems designed decades ago. This is the challenge for Linux developers. To ensure Linux security, software engineers must insert security components around the Linux kernel, Morris said. The earliest security mechanism in Linux was unix dac, followed by POSIX, access control list, private and PID namespace, encryption, Linux security m

chroot of the system, you need to modify the related files under/etc/apparmor. d. here, we use mysql as an example. you need to modify the two files: usr. sbin. mysqld and abstractions/mysql.1. modify usr. sbin. the following two lines in mysqld:/var/lib/mysql/r. change to/usr/local/mysql/r,/var/lib/mysql/** rwk, and change: /usr/local/mysql/** rwk,2. modify the statement actions/mysql line:/var/lib/mysql. sock rw to/usr/local/mysql. sock rw,3. reloa

' all.txt /etc/etc/securetty/etc/python2.6/etc/python2.6/sitecustomize.py/etc/bash.bashrc/etc/apparmor/etc/apparmor/severity.db/etc/apparmor/subdomain.conf/etc/apparmor/functions/etc/apparmor/logprof.conf Options for the first grid of the output row: -N: displays the row n

= 3307 and data dir =/var/lib/mysql3307 new instance port = 3308 and data dir =/var/lib/mysql3308 MySQL must own data dirs we need to set rules in AppArmor MySQL access the new dirs sudo mkdir/var/lib/mysql3307 sudo mkdir/var/lib/mysql3308sudo chown-r mysql/var/lib/mysql3307sudo chown-r MySQL/ var/lib/mysql3308 Creating Log Directories Create separate log dirs for new MySQL instances Default log dir = /var/log/mysql New

example, the PID namespace restricts which processes can be seen within a container. Each container running on a host shares a common underlying kernel. Containers are isolated from one another, which–from a security standpoint–is advantageous. However, if the host OS is compromised, all containers running to it are at risk. Similarly, if a container is using a vulnerable library, it could being exploited to gain access to the underlying host. Securing the Host OS The underlying host OS needs t

be as close to the synchronization status as possible during operation. Some encryption key management systems require accurate time. Finally, for enterprise servers, Sarbanes-Oxley and HIPAA) the correct timestamp mechanism is required. $ sudo apt-get -y install openntpd tzdata$ sudo dpkg-reconfigure tzdata$ sudo service openntpd restart Disable AppArmor conflicts Although the AppArmor suite does provide

original database to the new location by taking the location of/home/mysql as an example: $ Sudo cp-R-p/var/lib/mysql/home/mysql Edit the MySQL configuration file: $ Gksu gedit/etc/mysql/my. cnf Find the datadir line in gedit, change the content after the equal sign to/home/mysql, and save and exit. Since Ubuntu 7.10, Ubuntu has started to use a security software called AppArmor, which creates a region in your file system that allows application acce

/Etc/OS-release For example: Include or exclude specific file names in the search The grep command can also contain only specific files as part of the search. For example, we only want to search for specific text/strings in the configuration file with the extension. conf. In the next example, all files with the. conf extension containing the string bash will be found in the/etc directory: Bkjia @ bkjia :~ $ Sudo grep-Ril bash/etc/*. conf/Etc/adduser. conf Or Bkjia @ bkjia :~ $ Sudo grep-Ril -- i

The default database file storage location for MySQL installed in Ubuntu is/var/lib/MySQL, What is the file structure of the MySQL database? For the Database Command created in this way:Create Database mysqldbThe default database storage location contains a folder named mysqldb. To operate the database, you must stop the database process first:$ Sudo/etc/init. d/MySQL stop The following command transfers the original database to the new location by taking the location of/home/MySQL as an exampl

to bring up MySQL again, but there's one more thing to configure before we can do that succ Essfully.Step 3-configuring AppArmor Access Control RulesWe ' ll need to-tell AppArmor-let MySQL write to the new directory by creating an alias between the default directory and The new location. To does this, edit the AppArmor alias file: sudo nano/etc/apparmor

What is the file structure of the MySQL database? For the Database Command created in this way: CREATE DATABASE mysqldb The default database storage location contains a folder named mysqldb. To operate the database, you must stop the database process first: $sudo /etc/init.d/mysql stop The following command transfers the original database to the new location by taking the location of/home/mysql as an example: $sudo cp –R –p /var/lib/mysql /home/mysql