  • Misconfiguration Name: AppArmor policy is not set to run in enforced mode
  • Description: AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. AppArmor profiles have two modes of execution:
      - Complaining/Learning: profile violations are permitted and logged.
      - Enforced/Confined: profile policy is enforced and violations are logged.
    Fixing this misconfiguration will configure AppArmor to operate in enforced mode.
  • Severity: critical
  • Category: Linux - AppArmor Hardening
  • Resolution: Follow the steps below to resolve the misconfiguration. Run the following command to set all profiles to enforce mode:
      sudo aa-enforce /etc/apparmor.d/*
    Any unconfined processes may require a profile to be created or activated, and they may need to be restarted subsequently.
    Note: The apparmor-utils package is required to run and manage AppArmor.
  • Potential issues that may arise after applying the resolution: Altering the existing security setting may create the following impact in your network operations.
  • Does remediation require reboot? No
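
To confirm the resolution took effect, the loaded profiles can be audited for any that are still not in enforce mode. The script below is an added example, not part of the catalog entry; it assumes the kernel's profile list at /sys/kernel/security/apparmor/profiles (one "name (mode)" line per profile), and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report loaded AppArmor profiles that are not in enforce mode.
# Input format: one "profile name (mode)" line per loaded profile, as exposed
# by the kernel at /sys/kernel/security/apparmor/profiles (root is needed to read it).

# non_enforced_profiles FILE   (hypothetical helper name)
# Prints "mode<TAB>profile" for every profile whose mode is not "enforce".
# Returns 0 if all profiles are enforced, 1 if any is not, 2 if FILE is unreadable.
non_enforced_profiles() {
    [ -r "$1" ] || return 2
    awk '
        # The mode is the last parenthesised token on the line; profile names
        # may contain spaces or "//" (child profiles), so split from the end.
        match($0, /\([^()]*\)[ \t]*$/) {
            mode = substr($0, RSTART + 1)
            sub(/\)[ \t]*$/, "", mode)
            name = substr($0, 1, RSTART - 1)
            sub(/[ \t]+$/, "", name)
            if (mode != "enforce") { printf "%s\t%s\n", mode, name; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample in the kernel's format (not taken from a real host).
sample_profiles() {
    cat <<'EOF'
/usr/sbin/cupsd (enforce)
/usr/sbin/tcpdump (complain)
/usr/bin/man//filter (enforce)
snap.example.app (complain)
docker-default (enforce)
EOF
}

# Audit the live system when the kernel interface is readable.
live=/sys/kernel/security/apparmor/profiles
if [ -r "$live" ]; then
    non_enforced_profiles "$live" || echo "profiles listed above are not enforced" >&2
fi
```

A non-zero return from non_enforced_profiles can gate a compliance check; processes that have no profile loaded at all do not appear in this list and need to be reviewed separately.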