- 重要な情報
- はじめに
- 用語集
- ガイド
- エージェント
- インテグレーション
- OpenTelemetry
- 開発者
- API
- CoScreen
- アプリ内
- Service Management
- インフラストラクチャー
- アプリケーションパフォーマンス
- 継続的インテグレーション
- ログ管理
- セキュリティ
- UX モニタリング
- 管理
Detect modification of AppArmor profiles using an interactive session.
After an initial intrusion, attackers may attempt to disable security tools to avoid possible detection of their offensive tools and activities. AppArmor is a Linux Security Module (LSM) feature that confines programs to a limited set of resources. Disabling AppArmor could help an attacker run disallowed tools and gain access to resources that are otherwise blocked. This detection looks for commands that disable or modify AppArmor during interactive sessions, which is highly irregular in production environments.
Requires Agent version 7.27 or greater