We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

Fresh Ubuntu Installation and AppArmor


spauldingsmails
03-03-2009, 15:19
Thanks for the prompt reply.

Is there any reason why a custom kernel is being used for the ubuntu server? I just wonder because I would think there would be an issue with kernel updates and patches as the ovh kernel will always be behind the ubuntu default.

My other concern is whether apparmor is the only package I have to worry about or will there be others. Any documentation would be much appreciated.
Palad1n
03-03-2009, 14:44
Hi,

You really do not want AppArmor on your OVH server.

The OVH Kernel is not Modular and as such you cannot load it, but if you install it, it will try and secure your server in a half hearted way which will affect your other applications.

Remove it, same as SELINUX on CentOS based systems, it causes more harm than good.

LAMP complains about AppArmor but will NOT fail because of it.

Google "Secure my Server" or "Secure Ubuntu Linux" or "Perfect Server/Desktop Ubuntu"

You should find many good English articles.
spauldingsmails
03-03-2009, 14:17
I have a fresh ubuntu installation and was in the process of installing Apache/MySQL/PHP when apt-get started complaining about not being able to modify apparmor. Noticing apparmor not installed I attempted to rectify the problem;
Code:
sudo apt-get install apparmor
However, I get the errors;
Code:
Setting up apparmor (2.1+1075-0ubuntu9.1) ...
grep: /proc/modules: No such file or directory
ls: cannot access /sys/module/apparmor: No such file or directory
grep: /proc/modules: No such file or directory
ls: cannot access /sys/module/apparmor: No such file or directory
FATAL: Could not load /lib/modules/2.6.27.10-grsec-xxxx-grs-ipv4-32/modules.dep: No such file or directory
Loading AppArmor module: Failed.
invoke-rc.d: initscript apparmor, action "start" failed.
grep: /proc/modules: No such file or directory
ls: cannot access /sys/module/apparmor: No such file or directory
grep: /proc/modules: No such file or directory
ls: cannot access /sys/module/apparmor: No such file or directory
grep: /proc/modules: No such file or directory
ls: cannot access /sys/module/apparmor: No such file or directory
FATAL: Could not load /lib/modules/2.6.27.10-grsec-xxxx-grs-ipv4-32/modules.dep: No such file or directory
Loading AppArmor module: Failed.
invoke-rc.d: initscript apparmor, action "reload" failed.
Searching some other ovh forum posts there is discussion about grub v lilo but implementing the suggested solutions does not fix anything and the problem persists. That said, most of the posts are in different languages and so difficult to follow even using Google's translation tool.

Any help would be much appreciated.