ophy of immunizing programs. Proceed to Chapter 21, Profile Components and Syntax (page 237), Chapter 23, Building and Managing Profiles with YaST (page 265), or Chapter 24, Building Profiles from the Command Line (page 287) if you are ready to build and manage Novell AppArmor profiles.

Novell AppArmor provides streamlined access control for network services by specifying which files each program is allowed to read, write, and execute, and which type of network it is allowed to access. This ensures that each program does what it is supposed to do and nothing else. Novell AppArmor quarantines programs to protect the rest of the system from being damaged by a compromised process.

Novell AppArmor is a host intrusion prevention or mandatory access control scheme. Previously, access control schemes were centered around users because they were built for large timeshare systems. By contrast, modern network servers largely do not permit users to log in, but instead provide a variety of network services for users, such as Web, mail, file, and print servers. Novell AppArmor controls the access given to network services and other programs to prevent weaknesses from being exploited.

TIP: Background Information for Novell AppArmor

To get a more in-depth overview of AppArmor and the overall concept behind it, refer to Section 18.1, “Background Information on AppArmor Profiling” (page 218).

20.1 Introducing the AppArmor Framework

This section provides a very basic understanding of what is happening “behind the scenes” (and under the hood of the YaST interface) when you run AppArmor.

An AppArmor profile is a plain text file containing path entries and access permissions. See Section 21.1, “Breaking a Novell AppArmor Profile into Its Parts” (page 238) for a detailed reference profile. The directives contained in this text file are then enforced by the AppArmor routines to quarantine the process or program.

The following tools interact in the building and enforcement of AppArmor profiles and policies: