aircraft-cerier
commented
4 years ago Covered in pull request: #79
Closed aircraft-cerier closed 4 years ago
aircraft-cerier
commented
4 years ago Covered in pull request: #79
Description: Monitor AppArmor mandatory access controls. The parameters below monitor any write access (potential additional, deletion or modification of files in the directory) or attribute changes to /etc/apparmor and /etc/apparmor.d directories.
Remediation: Edit or create a file in the /etc/audit/rules.d/ directory ending in .rules Example: vi /etc/audit/rules.d/MAC-policy.rules and add the following lines: