AppArmor
AppArmor is a Linux security module that restricts program behavior using path-based profiles.
Why it matters
- Reduces blast radius when an exposed process is compromised.
- Easier profile model for many teams compared to label-based systems.
- Widely used in Debian/Ubuntu-centric environments.
Operational notes
- Start from complain mode to baseline behavior.
- Promote to enforce mode after profile tuning.
- Keep profiles versioned and reviewed with infra changes.