Yini i-AppArmor nokuthi ikuthuthukisa kanjani ukuphepha ku-Linux

Diego Germán González

Imizuzu ye-4

Yini i-AppArmor ye-

Isikhathi eside, abasebenzisi beLinux babefana nabaphikisi benganekwane yezingulube ezintathu ezincane. Umuzwa ongamanga usiholele ekukholweni ukuthi besiphephile ezinkingeni zokuphepha ama-Windows abeyizisulu zazo njalo.

Iqiniso lisikhombisile ukuthi besingenakuvikeleka njengoba besicabanga. Yize, ukusho iqiniso, ubungozi obuningi obubikiwe butholakele kumalebhu okuphepha kwamakhompiyutha futhi, izimo ezidingekayo ukuzisebenzisa azikho emhlabeni wangempela, kusenezinkinga ezanele ukuze singazehlisi ukuqapha kwethu.

Izinyathelo zokuphepha ze-Linux kernel

Ukuvumelana okujwayelekile phakathi kochwepheshe bezokuphepha kwe-IT ukuthi izinyathelo zokuvimbela ukungena okungagunyaziwe ohlelweni olufana nezicishamlilo noma izindlela zokuthola ukungena ngaphakathi azisenele ukumisa ukuhlaselwa okuya ngokuya kuyinkimbinkimbi. Kuyadingeka ukusungula umugqa omusha wezokuvikela, uma kwenzeka ukungena okungagunyaziwe ohlelweni, kungavumeli umhlaseli ukuthi enze noma yini eyingozi.

Isimiso samalungelo amancane

Umgomo wamalungelo amancane usungula njengomthetho oyisisekelo wokuphepha othi Abasebenzisi bohlelo lwekhompyutha kufanele bathole kuphela isethi ephansi yamalungelo nezinsizakusebenza ezidingekayo ukuze benze umsebenzi wabo othize. Ngale ndlela, ukusetshenziswa okungafanele noma ngokunganaki kohlelo lokusebenza kuyancishiswa noma kuvinjelwe ekubeni i-vector yokungena kokuhlaselwa kwekhompyutha.

Isikhathi eside, ama-linuxers akhe ukuzethemba kwethu ekuvikelekeni kwesistimu yethu yokusebenza kumshini we-kernel owaziwa nge-Discretionary Access Control. I-Discretionary Access Control inquma ukuthi iziphi izinsiza zohlelo abasebenzisi nezinhlelo zokusebenza abangazifinyelela.

Inkinga ukuthi uhla lwakho lwezinketho lilinganiselwe kakhulu nokuthi, njengoba igama discretionary likhombisa, abanye abasebenzisi abanezimvume ezanele bangenza izinguquko ezingasetshenziswa ngabasebenza ngobugebengu be-cyber.

Ukulawulwa Kokufinyelela Okugunyaziwe

Ukulawulwa Kokufinyelela Okugunyaziwe kwehlukile Kokulawulwa Kokufinyelela Ngokuzikhethela kulokho uhlelo lokusebenza lukhawulela okungenziwa izinhlelo zokusebenza ngokuya ngemiyalo esungulwe umphathi wesistimu nokuthi abanye abasebenzisi abakwazi ukukuguqula.

Ku-kernel ye-Linux lokhu kungumthwalo weModyuli Yezokuphepha Ye-Linux Enikezela izinqubo ezihlukile ezingasetshenziswa kumathuluzi afana nalelo okukhulunywe ngalo kulesi sihloko.

Yini i-AppArmor?

I-AppArmor isebenzisa i-Mandatory Access Control paradigm ukuthuthukisa ukuphepha kokusatshalaliswa kwe-Linux. Ithembele kwi-Linux Security Subsystem Module ukukhawulela ukusebenza kwezicelo ngazinye ngokuya ngezinqubomgomo ezibekwe ngumlawuli.

Le mihlahlandlela ivezwa ngendlela yamafayili wombhalo ocacile aziwa njengamaphrofayli. Ngenxa yamaphrofayili, umphathi wesistimu angakhawulela ukufinyelela kwamafayela, ukusebenzisana kwezimo phakathi kwezinqubo, kusungulwe lapho kungasetshenziswa khona uhlelo lwefayela, kukhawulele ukufinyelela kwenethiwekhi, kunqume amandla wohlelo lokusebenza nokuthi zingaki izinsiza ongazisebenzisa. Ngamanye amagama, iphrofayili ye-AppArmor iqukethe uhlu olumhlophe lokuziphatha okwamukelekayo kuhlelo lokusebenza ngalunye.

Izinzuzo zale ndlela yilezi:

  • Ivumela abaphathi ukuthi basebenzise umgomo welungelo elincane ezinhlelweni zokusebenza. Uma kwenzeka uhlelo lokusebenza lufakwa engozini, ngeke lukwazi ukufinyelela kumafayela noma lwenze izenzo ezingaphandle kwalokhu okusungulwe njengepharamitha yokusebenza ejwayelekile.
  • Amaphrofayli abhalwe ngolimi oluhle lomlawuli futhi agcinwa ezindaweni ongazifinyelela kalula.
  • Ukusetshenziswa kwamaphrofayli ngakunye kungavunyelwa noma kukhutshazwe kungakhathalekile ukuthi kwenzekani kwamanye amaphrofayili. Lokhu kuvumela abaphathi ukuthi bakhubaze futhi balungise iphutha lephrofayili ethile yohlelo oluthile ngaphandle kokuthinta ukusebenza kwalo lonke uhlelo.
  • Uma kwenzeka uhlelo luzama ukwenza noma isiphi isenzo esiphikisana nalokho okusungulwe kuphrofayili ehambisanayo, umcimbi ungene ngemvume. Ngale ndlela abaphathi bathola isexwayiso sokuqala.

I-AppArmor ayithathi isikhundla se-Discretionary Access ControlNgamanye amagama, awukwazi ukugunyaza okuthile okungavunyelwe, kepha ungavimba okuthile okuvunyelwe.

I-AppArrmour iza namanye amathuluzi afakwe kuqala kusabelo esikhulu seLinux, futhi ungathola okuningi ezinqolobaneni.

Ungathola eminye imininingwane ku- ikhasi wephrojekthi


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   I-Fantasmon kusho
    kwenza iminyaka 3

    Ingabe i-AppArmor ayisona izikhali ......???????????????

    Phendula ku-Fantasmon
    1.    UDiego German Gonzalez kusho
      kwenza iminyaka 3

      Impela. Ngokushesha nje lapho ngikwazi khona ngiyakulungisa
      Ngiyabonga

      Phendula u-Diego Germán González