-
Notifications
You must be signed in to change notification settings - Fork 268
Expand file tree
/
Copy pathapparmor_glossary.xml
More file actions
212 lines (212 loc) · 7.23 KB
/
apparmor_glossary.xml
File metadata and controls
212 lines (212 loc) · 7.23 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
<?xml version="1.0"?>
<!DOCTYPE chapter [
<!ENTITY % entities SYSTEM "generic-entities.ent">
%entities;
]>
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:its="http://www.w3.org/2005/11/its" version="5.0" xml:id="cha-apparmor-glossary">
<title>&aa; glossary</title>
<info>
<meta name="description" its:translate="yes">Learn key concepts for securing and managing your Linux system, including abstraction profiles, access control, and more</meta>
<dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
<dm:translation>yes</dm:translation>
</dm:docmanager>
<revhistory xml:id="rh-cha-apparmor-glossary">
<revision>
<date>2026-04-07</date>
<revdescription>
<para/>
</revdescription>
</revision>
</revhistory>
</info>
<variablelist>
<varlistentry>
<term>Abstraction</term>
<listitem>
<para>
See <emphasis>profile foundation classes</emphasis> below.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Apache</term>
<listitem>
<para>
Apache is a freely available Unix-based Web server. It is currently the
most commonly used Web server on the Internet. Find more information
about Apache at the Apache Web site at
<link xlink:href="https://www.apache.org"/>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>application fire-walling</term>
<listitem>
<para>
&aa; confines applications and limits the actions they are permitted
to take. It uses privilege confinement to prevent attackers from using
malicious programs on the protected server and even using trusted
applications in unintended ways.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>attack signature</term>
<listitem>
<para>
Pattern in system or network activity that alerts of a possible virus
or hacker attack. Intrusion detection systems might use attack
signatures to distinguish between legitimate and potentially malicious
activity.
</para>
<para>
By not relying on attack signatures, &aa; provides "proactive"
instead of "reactive" defense from attacks. This is better because
there is no window of vulnerability where the attack signature must be
defined for &aa; as it does for products using attack signatures.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>GUI</term>
<listitem>
<para>
Graphical user interface. Refers to a software front-end meant to
provide an attractive and easy-to-use interface between a computer user
and application. Its elements include windows, icons, buttons, cursors
and scrollbars.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>globbing</term>
<listitem>
<para>
File name substitution. Instead of specifying explicit file name paths,
you can use helper characters <literal>*</literal> (substitutes any
number of characters except special ones such as <literal>/</literal>
or <literal>?</literal>) and <literal>?</literal> (substitutes exactly
one character) to address multiple files/directories at once.
<literal>**</literal> is a special substitution that matches any file
or directory below the current directory.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>HIP</term>
<listitem>
<para>
Host intrusion prevention. Works with the operating system kernel to
block abnormal application behavior in the expectation that the
abnormal behavior represents an unknown attack. Blocks malicious
packets on the host at the network level before they can
<quote>hurt</quote> the application they target.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>mandatory access control</term>
<listitem>
<para>
A means of restricting access to objects that is based on fixed
security attributes assigned to users, files and other objects. The
controls are mandatory in the sense that they cannot be modified by
users or their programs.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>profile</term>
<listitem>
<para>
&aa; profile completely defines what system resources an individual
application can access, and with what privileges.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>profile foundation classes</term>
<listitem>
<para>
Profile building blocks needed for common application activities, such
as DNS lookup and user authentication.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>RPM</term>
<listitem>
<para>
The RPM Package Manager. An open packaging system available for anyone
to use. It works on Red Hat Linux, &productname;, and other Linux
and Unix systems. It is capable of installing, uninstalling, verifying,
querying and updating computer software packages. See
<link xlink:href="https://rpm.org/"/> for more information.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>SSH</term>
<listitem>
<para>
Secure Shell. A service that allows you to access your server from a
remote computer and issue text commands through a secure connection.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>streamlined access control</term>
<listitem>
<para>
&aa; provides streamlined access control for network services by
specifying which files each program is allowed to read, write and
execute. This ensures that each program does what it is supposed to do
and nothing else.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>URI</term>
<listitem>
<para>
Universal resource identifier. The generic term for all types of names
and addresses that refer to objects on the World Wide Web. A URL is one
kind of URI.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>URL</term>
<listitem>
<para>
Uniform Resource Locator. The global address of documents and other
resources on the Web.
</para>
<para>
The first part of the address indicates what protocol to use and the
second part specifies the IP address or the domain name where the
resource is located.
</para>
<para>
For example, when you visit <phrase os="sles;sled"><literal>http://www.suse.com</literal></phrase><phrase os="osuse"><literal>http://www.opensuse.org</literal></phrase>, you are
using the HTTP protocol, as the beginning of the URL indicates.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>vulnerabilities</term>
<listitem>
<para>
An aspect of a system or network that leaves it open to attack.
Characteristics of computer systems that allow an individual to keep it
from correctly operating or that allows unauthorized users to take
control of the system. Design, administrative or implementation
weaknesses or flaws in hardware, firmware or software. If exploited, a
vulnerability could lead to an unacceptable impact in the form of
unauthorized access to information or the disruption of critical
processing.
</para>
</listitem>
</varlistentry>
</variablelist>
</chapter>