
Bound and Armed

September 12, 2010

Just completed my configuration of Bind9 and entered into the world of AppArmor.

From what I read, AppArmor appears to help protect my system from “unknown” security flaws by limiting access when someone manages to break through with an exploit. I’m sure it won’t be the be-all and end-all of security, but it goes with my philosophy of having a nice layered approach to security.

The hardest part was figuring out how to add applications. By default AppArmor already has a profile for Bind9. The command to generate a profile for another application is:

sudo aa-genprof vsftpd

I used VSFTPD since that is the one I want to secure. It will go through the process of asking you some questions, which are pretty straightforward. At the end, it will ask you to launch the service and then use it. When you are done, you’ll have AppArmor scan the log files for how the program behaved. My guess is that is how AppArmor knows when the application is doing something it isn’t supposed to.

You will then save the new profile and it should be activated.

However I ran into this error when trying to save the profile:

RPC::XML::Client::send_request: HTTP server error: Not Found

Thankfully this blogger had the solution.

http://ericlefevre.net/wordpress/2009/11/23/apparmor-how-to-fix-the-create-new-user-issue-with-logprof/
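
What the log scan step works from, as an added example (not code from the original post or from AppArmor's own tools): a small Python script that reads AppArmor audit lines and merges them into candidate file rules for one profile. The log lines are constructed samples modelled on the kernel audit format, and the merging logic is a simplification of what aa-logprof does, not its actual algorithm.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from a real system), modelled on AppArmor audit records.
SAMPLE_LOG = """\
type=AVC msg=audit(1284300000.101:41): apparmor="ALLOWED" operation="open" profile="/usr/sbin/vsftpd" name="/etc/vsftpd.conf" pid=2101 comm="vsftpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1284300000.207:42): apparmor="ALLOWED" operation="open" profile="/usr/sbin/vsftpd" name="/var/log/vsftpd.log" pid=2101 comm="vsftpd" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
type=AVC msg=audit(1284300003.512:43): apparmor="ALLOWED" operation="open" profile="/usr/sbin/vsftpd" name="/var/log/vsftpd.log" pid=2101 comm="vsftpd" requested_mask="a" denied_mask="a" fsuid=0 ouid=0
type=AVC msg=audit(1284300009.830:44): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/tmp/zone.jnl" pid=1450 comm="named" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
type=SYSCALL msg=audit(1284300010.001:45): arch=c000003e syscall=2 success=yes exit=3
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
LOG_TO_RULE = {"c": "w", "d": "w"}  # create/delete in the log need write in a profile
RULE_ORDER = "rwaklm"               # exec (x) is left out: it needs a transition mode

def parse_event(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    if 'apparmor="' not in line:
        return None  # unrelated audit record
    return {k: (q if q else u) for k, q, u in FIELD.findall(line)}

def candidate_rules(log_text, profile):
    """Merge the file accesses logged for one profile into rule lines."""
    perms = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev or ev.get("profile") != profile or "name" not in ev:
            continue
        for ch in ev.get("requested_mask", ""):
            perms[ev["name"]].add(LOG_TO_RULE.get(ch, ch))
    rules = []
    for path in sorted(perms):
        mask = perms[path]
        if "w" in mask:
            mask.discard("a")  # 'w' and 'a' are mutually exclusive; w covers append
        letters = "".join(m for m in RULE_ORDER if m in mask)
        if letters:
            rules.append(f"  {path} {letters},")
    return rules

if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE_LOG, "/usr/sbin/vsftpd")))
```

Each suggested rule is a permission the service asked for while it was being exercised, so it is worth reading the list before saving rather than accepting every line.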

Bind9 was pretty easy to set up. The configuration was a bit different than what I’m used to in FreeBSD, but overall it went well. Just use this guide and you should do fine.

https://help.ubuntu.com/community/BIND9ServerHowto

Next up will be Email, which could be the hardest thing to put together.
