Menene AppArmor don kuma yadda yake inganta tsaro a cikin Linux

Diego Germán González

4 minti

Menene AppArmor don

Na dogon lokaci, masu amfani da Linux sun kasance kamar masu ba da labari na ƙananan aladu uku. Wani jin ƙarya ya sa muka gaskata cewa mun tsira daga matsalolin tsaro waɗanda Windows ke yawan cin zarafin su.

Hakikanin gaskiya ya nuna mana cewa ba mu zama marasa rinjaye kamar yadda muke zato ba. Kodayake, don yin adalci, an gano yawancin raunin da aka ruwaito a cikin ɗakunan tsaro na kwamfuta kuma, yanayin da ake buƙata don cin moriyar su da wuya ya kasance a cikin ainihin duniya, har yanzu akwai isassun matsaloli don kada mu rage masu tsaron mu.

Matakan tsaro na kwaya na Linux

Babbar yarjejeniya tsakanin kwararrun masana harkar tsaro ta IT ita ce matakan hana shiga cikin tsarin ba tare da izini ba kamar firewalls ko hanyoyin gano kutse ba su wadatar ba don dakatar da karuwar hare -hare. Ya zama dole a kafa sabon layin tsaro wanda, a yayin shigowar mara izini a cikin tsarin, baya barin mai mamaye ya aikata wani abu mai cutarwa.

Ka'idar mafi ƙarancin gata

Ka'idar mafi ƙanƙanta gata ta kafa azaman ƙaƙƙarfan dokar tsaro cewa masu amfani da tsarin kwamfuta yakamata su karɓi mafi ƙarancin gata da albarkatun da ake buƙata don aiwatar da takamaiman aikin su. Ta wannan hanyar, an rage amfani da aikace -aikacen da bai dace ba ko sakaci ko hana shi kasancewa vector na harin kwamfuta.

Na dogon lokaci, masu amfani da Linux sun gina amincewar mu akan tsaron tsarin aikin mu akan injin kernel da aka sani da Discretionary Access Control. Ikon Samun Ilimi mai ƙima yana ƙayyade waɗanne albarkatun tsarin masu amfani da aikace -aikace za su iya shiga.

Matsalar ita ce yawan zaɓin ku yana da iyaka kuma cewa, kamar yadda kalmar hankali ta nuna, wasu masu amfani da isasshen izini na iya yin gyare -gyare waɗanda masu aikata laifuka na yanar gizo za su iya amfani da su.

Ikon Samun Iko

Ikon Samun Ido na wajibi ya bambanta da Ikon Samun Ilimi a cikin wancan tsarin aiki yana ƙuntata abin da aikace -aikacen za su iya yi bisa ga umarnin da mai sarrafa tsarin ya kafa kuma sauran masu amfani ba sa iya gyarawa.

A cikin kernel na Linux wannan shine alhakin Tsarin Tsaro na Tsaro na Linux wanda ke ba da hanyoyi daban -daban waɗanda za a iya kira daga kayan aiki kamar wanda aka ambata a cikin wannan labarin.

Menene AppArmor don?

AppArmor yana amfani da Tsarin Ikon Samun Ikon Dole don haɓaka amincin rarraba Linux. Ya dogara da Module na Tsarin Tsaro na Linux don iyakance halayen aikace -aikacen mutum gwargwadon manufofin da mai gudanarwa ya kafa.

An bayyana waɗannan umarnin a cikin fayilolin rubutu mara kyau da aka sani da bayanan martaba. Godiya ga bayanan martaba, mai gudanar da tsarin na iya ƙuntata samun dama ga fayiloli, hulɗar yanayin tsakanin matakai, kafa a cikin abin da za a iya shigar da tsarin fayil, iyakance hanyar sadarwa, ƙayyade ƙarfin aikace -aikacen. Da albarkatu nawa za ku iya amfani da su. A takaice dai, bayanin martaba na AppArmor ya ƙunshi jerin sunayen halayen da aka yarda da su ga kowane aikace -aikacen.

Amfanin wannan hanyar shine:

  • Yana ba masu gudanarwa damar amfani da ƙa'idar mafi ƙarancin gata ga aikace -aikace. A yayin da aikace -aikacen ya lalace, ba zai iya samun damar fayilolin ba ko aiwatar da ayyuka a waje da abin da aka kafa azaman ma'aunin aiki na al'ada.
  • An rubuta bayanan martaba a cikin yaren sada zumunci na mai gudanarwa kuma an adana shi a wuraren da zaka iya samun dama cikin sauƙi.
  • Ana iya kunna aikace -aikacen bayanan sirri ko kashe su ba tare da la'akari da abin da ke faruwa ga sauran bayanan ba. Wannan yana bawa masu gudanarwa damar kashewa da cire takamaiman bayanin martaba don takamaiman aikace -aikacen ba tare da ya shafi aikin sauran tsarin ba.
  • A yayin da aikace -aikacen ke ƙoƙarin yin duk wani aiki da ya saɓa da abin da aka kafa a cikin bayanin martaba, taron ya shiga. Ta wannan hanyar masu gudanarwa suna karɓar gargaɗin farko.

AppArmor baya maye gurbin Ikon Samun Ikon AikiA takaice dai, ba za ku iya ba da izinin wani abu da aka hana ba, amma kuna iya hana wani abin da aka halatta.

AppArrmour ya zo tare da wasu kayan aikin da aka riga aka girka su akan manyan rabe-rabe na Linux, kuma kuna iya samun ƙarin abubuwa a cikin wuraren ajiya.

Kuna iya samun ƙarin bayani a shafin na aikin


Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Alhakin bayanai: AB Internet Networks 2008 SL
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.

  1.   Fatalwa m
    sa 3 shekaru

    Shin AppArmor ba sulke bane….??????????????????

    Amsa zuwa Fantasmon
    1.    Diego Bajamushe Gonzalez m
      sa 3 shekaru

      Tabbatacce. Da zaran zan iya gyara shi
      na gode

      Amsa wa Diego Germán González