Chapter 2. Selecting Programs to Immunize


2.1. Immunize Programs That Grant Privilege
2.2. Inspect Open Ports to Immunize Programs

Novell® AppArmor quarantines programs to protect the rest of the system from being damaged by a compromised process. You should inspect your ports to see which programs should be profiled (refer to Section 2.2, “Inspect Open Ports to Immunize Programs”) and profile all programs that grant privilege (Section 2.1, “Immunize Programs That Grant Privilege”).

2.1. Immunize Programs That Grant Privilege

Programs that need profiling are those that mediate privilege. The following programs have access to resources that the person using the program does not have, so running them effectively grants that privilege to the user:

cron jobs

Programs that are run periodically by cron. Such programs read input from a variety of sources and can run with special privileges, sometimes with as much as root privilege. For example, cron can run /usr/bin/updatedb daily to keep the locate database up to date with sufficient privilege to read the name of every file in the system. For instructions on finding these types of programs, refer to Section 2.2.1, “Immunizing Cron Jobs”.

Web Applications

Programs that can be invoked through a Web browser, including CGI Perl scripts, PHP pages, and more complex Web applications. For instructions on finding these types of programs, refer to Section 2.2.2, “Immunizing Web Applications”.

Network Agents

Programs (servers and clients) that have open network ports. User clients such as mail clients and Web browsers, surprisingly, mediate privilege. These programs run with the privilege to write to the user's home directories and they process input from potentially hostile remote sources, such as hostile Web sites and e-mailed malicious code. For instructions on finding these types of programs, refer to Section 2.2.3, “Immunizing Network Agents”.

Conversely, unprivileged programs do not need to be profiled. For instance, a shell script might invoke the cp program to copy a file. Because cp does not have its own profile, it inherits the profile of the parent shell script, so it can copy only those files that the parent shell script's profile can read and write.
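The following profile, added here as an illustration and not taken from the guide, shows that inheritance in practice. It assumes a hypothetical shell script /usr/local/bin/backup.sh that copies files from /home/*/docs to /var/backups using cp.

```apparmor
# Added example, not from the guide. Hypothetical profile for
# /usr/local/bin/backup.sh, a bash script that copies files with cp.
#include <tunables/global>

/usr/local/bin/backup.sh {
  #include <abstractions/base>

  # The interpreter and cp are allowed in "ix" (inherit) mode: cp has no
  # profile of its own, so it runs confined by this profile and can only
  # copy between the paths listed below.
  # Using "px" here instead would require /bin/cp to have its own profile.
  /bin/bash             ix,
  /bin/cp               ix,

  # Files the script may read, and the only directory it may write to.
  /etc/backup.conf      r,
  /home/*/docs/**       r,
  /var/backups/**       rw,

  # Any other path cp is asked to read or write, for example /etc/shadow,
  # is denied by this profile in enforce mode and the attempt is logged.
}
```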