is there a particualar app listed as apparmor, or is it a series of seperate programs that act as a whole? if the latter, which programs are these. i just got really lucky with my installation of 11.2, and i’m trying to confirm my success.
to start, see http://en.opensuse.org/Apparmor
and follow all the links in that page…
word to the wise: with AppArmor you can make your system so secure
that not even you can get into it (and that is VERY secure!)…
so, be careful…read the documentation…or you will find yourself
outside looking in and wondering if there is a solution other than a
new format install…
more than one has come here to recount a tale of woe about “trying”,
“playing around”, or “experimenting” with AppArmor and seeking
assistance in undoing the damage…
–
palladium
I agree with palladium - AppArmor is a very innovative way of securing a system and provides a good additional shield, but before customising it, you should know some deal about security principles and the usage of AppArmor itself, otherwise there’s the risk of security being too tight (or loose). AppArmor comes preconfigured for many common applications and is in use when booting a default SuSE, so… just keep it like it is for now. 
I agree completely with what palladium and gropiuskalle wrote.
If you want to check if apparmor is really installed and running on your
system run the following command as root
/usr/sbin/apparmor_status
which will tell you something similar to this if installed and running
apparmor module is loaded.
11 profiles are loaded.
11 profiles are in enforce mode.
/usr/sbin/ntpd
/usr/sbin/identd
/usr/share/git-web/gitweb.cgi
/sbin/klogd
/sbin/syslogd
/sbin/syslog-ng
/usr/sbin/traceroute
/usr/sbin/nscd
/bin/ping
/usr/sbin/mdnsd
/usr/sbin/avahi-daemon
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode :
/usr/sbin/nscd (1758)
/usr/sbin/avahi-daemon (1658)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
I am going to try and running that last command tonight, but just to verify, you guys are saying that after the initial install, Apparmour should be up and running by default, so new users like us don’t really have to worry about that (at first, to begin with?)
Thank you,
-cheers
Yes, just as you say.
correct…a default openSUSE (from perfect install media you know came
from opensuse.org and tests good with md5sum checking) is born safer
than most (many?) other Linux and ALL Redmond…
it will have a functioning and generically tuned Firewall and AppArmor
at your service and ON GUARD…if you do not know what you are doing
you are as likely to make it less safe as more safe by experimenting
without reading/understanding…
–
palladium
running the apparmor_status command turned up no such directory, i installed with 11.2 install dvd, but i’m not up to figuring the md5checksum, so i’m not sure how well it all worked. the system is running fine, but as i said apparmor is nowhere to be found. is there a way to get it post-install, or should i re-install with a confirmed installation disc as opposed to the one i used initially?
The command does not give you any output at all? Did you execute it as root?
wikiwikiwoodrow wrote:
> running the apparmor_status command turned up no such directory, i
> installed with 11.2 install dvd, but i’m not up to figuring the
> md5checksum, so i’m not sure how well it all worked.
it sounds a lot like you have a corrupted install disk…
-
did you get your install image from
http://software.opensuse.org/112/en ? (if not, then where?) -
did you check the md5sum of the downloaded iso?
-
burn the disk as slow as you can?
-
use good media?
-
do this http://tinyurl.com/yajm2aq before install attempt?
if you answered “no” (or “don’t know”) to any of those then see the
following links, (where you will find, among other things how to check
the md5sum)
http://en.opensuse.org/Download_Help
http://tinyurl.com/yhf65pv
http://tinyurl.com/ycly3eg
–
palladium
ok, after further digging thru the GUI, i found apparmor, though thanks for the links, which i am sure i will still need. my skills in the CLI aren’t too developed yet, but i’m working on it. as far as i can tell, i still got extremely lucky with my install, every problem i’ve run into has been user error or easily remedied through a decent amount of luck and modest persistence.
wikiwikiwoodrow wrote:
> every problem i’ve run into has been user error or easily remedied
> through a decent amount of luck and modest persistence.
that is true for at least 80% of the problems here…either could have
been avoided by reading the documention before “trying” everything
possible…OR, reading the documentation afterwards (with
persistence) to FIX the just made mess…
we do have a few bugs pop up occasionally, and some hardware
failures…most of everything else just an aversion to reading…
–
palladium
i appreciate as much help as i can get, i plan on taking linux somewhere, so i’d much rather be able to fix my mistakes, but at the same time know how i could have avoided them if i wanted to take the easy way. i’ve already progressed in leaps and bounds towards using the CLI, and hopefully i can continue. just out of curiosity, how do you mark a thread solved?
wikiwikiwoodrow wrote:
> just out of curiosity, how do you mark a thread solved?
technically it can’t be done here…i think there is somewhere a way
you can ‘tag’ it solved…but, putting SOLVED in the subject line,
take magic we don’t have…
been discussed many times in
http://forums.opensuse.org/forums-comments-suggestions/
http://forums.opensuse.org/forum-usage-support-information/
and other places…you can use the forum’s advanced search function
to pull it out and read…or, just take my word for it…
–
palladium