/Firejail-and-Apparmor-tight-profile

These are strong privacy profiles for Firejail and AppArmor.

Firejail

A strong, tight profile which:

  • Has a custom firewall
  • Sets a default DNS
  • Makes every unnecessary folder private
  • Removes external partition access for some untrusted software
  • Completely removes root access
  • Filters with seccomp

Apparmor

This profile restricts all unwanted software from root and internet access.
It also prevents external scripts from running at boot time.

Installation of profiles:

  • Just copy both profiles to the /etc/ directory
  • Run the following commands:
      sudo firecfg
      sudo aa-enforce /etc/apparmor.d/*
    • For AppArmor, make sure you have apparmor-utils installed (depending on your distro).
      Also make sure to set all necessary software to complain mode with
      the following command:
      sudo aa-complain the-necessary-software-name

    • If a Firejail profile fails to run a program, or you need to run the program as root
      under Firejail, open the profile in a text editor and remove or add a # in front of
      the following lines:
      noroot, seccomp, machine-id, ipc-namespace, nonewprivs, nogroups,
      shell none, read-only, private-dev

  • If you are running a server inside the Firejail sandbox, add the port number in use to the following files:
    tcpserver.net, webserver.net
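
After commenting or uncommenting directives as described in the installation notes, it is worth checking which hardening options a profile still has enabled. The shell functions below are an added example, not part of this repository; the names `audit_profile` and `write_sample` and the sample profile contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): report the state of the
# directives the README says may be toggled with '#'.
DIRECTIVES="noroot
seccomp
machine-id
ipc-namespace
nonewprivs
nogroups
shell none
read-only
private-dev"

# audit_profile FILE
# Prints "<state> <directive>" for each directive, where state is:
#   on       an uncommented line starts with the directive
#   off      the directive is present but commented out with '#'
#   missing  the directive does not appear in the profile at all
audit_profile() {
    profile=$1
    [ -r "$profile" ] || { echo "cannot read $profile" >&2; return 2; }
    printf '%s\n' "$DIRECTIVES" | while IFS= read -r d; do
        if grep -Eq "^[[:space:]]*${d}([[:space:]]|\$)" "$profile"; then
            echo "on $d"
        elif grep -Eq "^[[:space:]]*#[[:space:]]*${d}([[:space:]]|\$)" "$profile"; then
            echo "off $d"
        else
            echo "missing $d"
        fi
    done
}

# write_sample FILE: writes a constructed profile for a dry run.
write_sample() {
    cat > "$1" <<'EOF'
# sample.profile (constructed for this example)
noroot
#seccomp
machine-id
# nonewprivs
nogroups
shell none
read-only ${HOME}/.config
private-dev
EOF
}

# Usage: sh audit.sh /path/to/some.profile
if [ $# -gt 0 ]; then audit_profile "$1"; fi
```

Any directive reported as `off` or `missing` is a protection the sandboxed program runs without, so re-run the check after each profile edit.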