1.6.1.2 Ensure AppArmor is enabled in the bootloader configuration

Audit

Run the following commands to verify that all linux lines have the apparmor=1 and security=apparmor parameters set:

# grep "^\s*linux" /boot/grub/grub.cfg | grep -v "apparmor=1"

Nothing should be returned.

# grep "^\s*linux" /boot/grub/grub.cfg | grep -v "security=apparmor"

Nothing should be returned.
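
The two grep checks above also return nothing when grub.cfg is missing or contains no linux lines, and they match on substrings. The following added example (not part of the benchmark; the function name check_apparmor_boot and the sample entries are hypothetical) audits the same file token by token and reports those cases separately. It assumes the last occurrence of a parameter on the line is the effective one.

```shell
#!/bin/sh
# Added example (not from the benchmark): token-based audit of grub.cfg.
# Returns 0 = all linux lines compliant, 1 = a line is non-compliant,
#         2 = file unreadable or no linux lines (nothing was audited).
check_apparmor_boot() {
    cfg="${1:-/boot/grub/grub.cfg}"
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    awk '
        $1 ~ /^linux/ {
            seen++; aa = 0; sec = 0
            for (i = 2; i <= NF; i++) {
                # Assumption: the last occurrence of a parameter is the
                # effective one, so apparmor=1 ... apparmor=0 fails.
                if ($i ~ /^apparmor=/) aa  = ($i == "apparmor=1")
                if ($i ~ /^security=/) sec = ($i == "security=apparmor")
            }
            if (!aa || !sec) {
                bad++
                printf "line %d:%s%s not effective\n", NR,
                       (aa ? "" : " apparmor=1"), (sec ? "" : " security=apparmor")
            }
        }
        END {
            if (!seen) { print "no linux lines found"; exit 2 }
            exit (bad ? 1 : 0)
        }
    ' "$cfg"
}

# Constructed sample input: one compliant entry, one overridden entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
menuentry 'Constructed entry A' {
	linux /vmlinuz root=/dev/sda1 ro apparmor=1 security=apparmor
}
menuentry 'Constructed entry B' {
	linux /vmlinuz root=/dev/sda1 ro apparmor=1 security=apparmor apparmor=0
}
EOF
check_apparmor_boot "$sample" || echo "audit exit status: $?"
rm -f "$sample"
```

Entry B passes both grep checks because the string apparmor=1 is present, but it is reported here because of the trailing apparmor=0.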

Remediation

Edit /etc/default/grub and add the apparmor=1 and security=apparmor parameters to the GRUB_CMDLINE_LINUX= line:

GRUB_CMDLINE_LINUX="apparmor=1 security=apparmor"

Run the following command to update the grub2 configuration:

# update-grub