Difficulty: Beginner

Estimated Time: 10 minutes

In this scenario, you will learn how to install and apply AppArmor profiles.

In the second step of the scenario, you will learn how to create and customise your own AppArmor profile by using Bane, a tool created by Jess Frazelle

Don’t stop now! The next scenario will only take about 10 minutes to complete.

Your environment is currently being packaged as a Docker container and the download will begin shortly. To run the image locally, once Docker has been installed, use the commands

cat scrapbook_docker-security_bane_container.tar | docker load

docker run -it /docker-security_bane:20181214

Restart Scenario

Next Scenario

Bane - AppArmor Profile Generator

Step 1 of 2

AppArmor

Upgrade Docker

curl -fsSL get.docker.com | bash

AppArmor Nginx Profile

cat docker-nginx

This is a profile designed for the nginx Container.

Parse

Use the parser to install the profile on the machine

sudo apparmor_parser -r -W docker-nginx

Run With Profile

Once installed, it can be assigned to a container.

docker run --security-opt apparmor=docker-nginx -d --name apparmor-nginx nginx

View Status

View the status of the AppArmor policies. Notice how nginx is in enforce mode.

aa-status

Test

Execute Into Container: docker exec -it apparmor-nginx bash

Try the following commands:

touch ~/thing
touch /bin/ps
sh

The commands will fail because the Profile blocks them.

Terminal

cd <directory>	Change directory
ls	List directory
echo 'contents' > <file>	Write contents to a file
cat <file>	Output contents of file

i	In Command Mode	Change into Insert Mode, you can now insert and edit text in the file
esc	In Insert Mode	Change into Command Mode, you can now execute commands
:wq	In Command Mode	Save and Exit

Welcome!

Docker Security - Bane - AppArmor Profile Generator

Congratulations!

You've completed the scenario!

Scenario Rating

Steps

Bane - AppArmor Profile Generator

AppArmor

Upgrade Docker

AppArmor Nginx Profile

Parse

Run With Profile

View Status

Test

Bane

Welcome!

Docker Security - Bane - AppArmor Profile Generator

Congratulations!

You've completed the scenario!

Scenario Rating

Steps

Bane - AppArmor Profile Generator

AppArmor

Upgrade Docker

AppArmor Nginx Profile

Parse

Run With Profile

View Status

Test

Bane

Help

Vim

Welcome! Connect to start

...or sign up using your email

Sign up using your email

You’ll love Katacoda

Guided Path

Learn By Doing

Stay up-to-date

Welcome back! Connect to start

...or log in using your email

Log in using your email

You’ll love Katacoda

Guided Path

Learn By Doing

Stay up-to-date

Welcome! Enter your email address to connect

😺

Have some feedback for us? Please tell us what's happening so we can improve Katacoda.

Debug Information