EPISODE · Jun 3, 2026 · 9 MIN
How to Harden Your Linux Server with AppArmor Profiles
from Linux Server Admin with Fexingo: Sysadmin, Bash, and Server Engineering · host Fexingo
In this episode of Linux Server Admin, Lucas and Luna dive into AppArmor—the mandatory access control system that's simpler than SELinux but powerful enough to confine major services like Nginx, MySQL, and Apache. They walk through a real-world case: a misbehaving PHP script that tried to write to /etc/passwd on a production web server, and how an AppArmor profile blocked it instantly. Lucas explains the difference between complain mode and enforce mode, how to generate profiles with aa-genprof, and why you should never run a profile in complain mode in production without auditing the logs. Luna challenges whether AppArmor is enough by itself, and they discuss defense-in-depth. A concrete episode for anyone running Linux servers who wants to lock down services without the overhead of SELinux. #AppArmor #LinuxSecurity #MandatoryAccessControl #ServerHardening #NginxSecurity #MySQLSecurity #aaGenprof #LinuxSysadmin #SecurityProfiles #LinuxServer #Infosec #Sysadmin #Technology #LinuxAdmin #FexingoBusiness #BusinessPodcast #TechPodcast #DevOps Keep every episode free: buymeacoffee.com/fexingo
What this episode covers
In this episode of Linux Server Admin, Lucas and Luna dive into AppArmor—the mandatory access control system that's simpler than SELinux but powerful enough to confine major services like Nginx, MySQL, and Apache. They walk through a real-world case: a misbehaving PHP script that tried to write to /etc/passwd on a production web server, and how an AppArmor profile blocked it instantly. Lucas explains the difference between complain mode and enforce mode, how to generate profiles with aa-genprof, and why you should never run a profile in complain mode in production without auditing the logs. Luna challenges whether AppArmor is enough by itself, and they discuss defense-in-depth. A concrete episode for anyone running Linux servers who wants to lock down services without the overhead of SELinux. #AppArmor #LinuxSecurity #MandatoryAccessControl #ServerHardening #NginxSecurity #MySQLSecurity #aaGenprof #LinuxSysadmin #SecurityProfiles #LinuxServer #Infosec #Sysadmin #Technology #LinuxAdmin #FexingoBusiness #BusinessPodcast #TechPodcast #DevOps Keep every episode free: buymeacoffee.com/fexingo
NOW PLAYING
How to Harden Your Linux Server with AppArmor Profiles
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m