SELinux and AppArmor have been around for many years, but are still essential for maintaining a secure Linux environment. This article will cover how to set them up and troubleshoot these mandatory access control (MAC) frameworks. Even if they seem overwhelming at first, learning how they work and how to manage them is an important step… continue reading.
Thanks for asking! I missed mentioning any of that.
For Debian/Ubuntu and *SUSE, AppArmor is the way to go as it’s the system default and well integrated. For RHEL and derivatives they default to SELinux .
For Arch, SELinux is possible, but not commonly used because of the complexity of setup and maintenance. AppArmor is easier to config, but most Arch users (not a popular distro for servers) rely on traditional DAC (Discretionary Access Control) security instead of MAC (Mandatory Access Control) frameworks.
If you’re running a server and require serious security, SELinux is worth considering. For desktops and workstations, AppArmor is more practical.
Really good article, took me down some rabbit holes you did have one error in the command for Deb/Unbun, it’s apt install <program> -y not apt-get, that command has been “depreciated” and used mostly for scripting purposes now. Also AppArmor comes installed on Debian when you install it. You can verify it’s running by putting systemctl status apparmor.
You also didn’t mention the Debian Administrators handbookwhich has a great section on AppArmor. Or the Debian project’s home page which has a great search function that points you to Chapter 14 of the Debian Administrators guide. which has most of the answers on setting up a Debian based system. and of course there’s always man apparmor for any distro worth a darn.
you did have one error in the command for Deb/Unbun, it’s