Linux Server Admin with Fexingo: Sysadmin, Bash, and Server Engineering

How to Harden Your Linux Server with AppArmor Profiles


Listen Later

In this episode of Linux Server Admin, Lucas and Luna dive into AppArmor—the mandatory access control system that's simpler than SELinux but powerful enough to confine major services like Nginx, MySQL, and Apache. They walk through a real-world case: a misbehaving PHP script that tried to write to /etc/passwd on a production web server, and how an AppArmor profile blocked it instantly. Lucas explains the difference between complain mode and enforce mode, how to generate profiles with aa-genprof, and why you should never run a profile in complain mode in production without auditing the logs. Luna challenges whether AppArmor is enough by itself, and they discuss defense-in-depth. A concrete episode for anyone running Linux servers who wants to lock down services without the overhead of SELinux.

#AppArmor #LinuxSecurity #MandatoryAccessControl #ServerHardening #NginxSecurity #MySQLSecurity #aaGenprof #LinuxSysadmin #SecurityProfiles #LinuxServer #Infosec #Sysadmin #Technology #LinuxAdmin #FexingoBusiness #BusinessPodcast #TechPodcast #DevOps

Keep every episode free: buymeacoffee.com/fexingo

...more
View all episodesView all episodes
Download on the App Store

Linux Server Admin with Fexingo: Sysadmin, Bash, and Server EngineeringBy Fexingo