HOWTO : Enhance the security of your Ubuntu 9.04 LAMP server with AppArmor

Step 1 :

Check whether AppArmor is enabled, and make sure the MySQL profile is enabled too.

sudo apparmor_status

Step 2 :

Create a profile for Apache2.

sudo aa-genprof apache2

sudo nano /etc/apparmor.d/usr.sbin.apache2

Add the following lines inside the braces of the ^DEFAULT_URI block.

/usr/sbin/suexec2 rix,
/usr/share/apache2/** r,
/var/log/apache2/** rwl,
/var/xoops/** r,
/var/www/xoops/** r,

Step 3 :

Put the profile in complain mode.

sudo aa-complain /etc/apparmor.d/usr.sbin.apache2
sudo /etc/init.d/apache2 restart

Step 4 :

After running XOOPS for a while, update the profile from the events logged in complain mode.

sudo aa-logprof

When the prompt asks for your selection, choose “A (Add)” to add a rule to the profiles. Save the file at the end of the process.

You can repeat this step when necessary.

Step 5 :

After running XOOPS for a longer time without finding any errors, you can put the profile in enforce mode. Before doing so, make sure you have run Step 4 once more.

sudo aa-enforce /etc/apparmor.d/usr.sbin.apache2
sudo /etc/init.d/apache2 restart
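
To confirm the result of Steps 1, 3 and 5 without reading the whole apparmor_status listing, the following added example (not part of the original HOWTO) reports the mode of a given profile and of its running processes. The names aa_mode and sample_status and the embedded listing are constructed for illustration; the parser assumes the section headings that apparmor_status prints ("... profiles are in enforce mode." and so on).

```shell
#!/bin/sh
# Added example. Live use: sudo apparmor_status | aa_mode profiles /usr/sbin/apache2
# $1 = profiles | processes, $2 = profile path. Reads apparmor_status output on
# stdin and prints the weakest state found: unconfined, complain, enforce or none.
aa_mode() {
    awk -v kind="$1" -v want="$2" '
        /^[^ \t]/ {                      # unindented line = section heading
            mode = ""
            if ($2 == kind && /are in enforce mode/)  mode = "enforce"
            if ($2 == kind && /are in complain mode/) mode = "complain"
            if ($2 == kind && /are unconfined/)       mode = "unconfined"
            next
        }
        mode != "" {                     # indented entry of a wanted section
            name = $0
            sub(/[ \t]+\([0-9]+\)[ \t]*$/, "", name)  # drop " (pid)" on process lines
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name == want) seen[mode] = 1
        }
        END {
            if ("unconfined" in seen)    print "unconfined"
            else if ("complain" in seen) print "complain"
            else if ("enforce" in seen)  print "enforce"
            else                         print "none"
        }'
}

# Constructed sample listing: the state expected after Step 3.
sample_status() {
    cat <<'EOF'
apparmor module is loaded.
3 profiles are loaded.
2 profiles are in enforce mode.
   /usr/sbin/mysqld
   /usr/sbin/tcpdump
1 profiles are in complain mode.
   /usr/sbin/apache2
4 processes have profiles defined.
1 processes are in enforce mode :
   /usr/sbin/mysqld (2210)
3 processes are in complain mode.
   /usr/sbin/apache2 (3301)
   /usr/sbin/apache2 (3305)
   /usr/sbin/apache2 (3306)
0 processes are unconfined but have a profile defined.
EOF
}

sample_status | aa_mode processes /usr/sbin/apache2
```

A result of "unconfined" for processes means Apache was started before the profile was loaded and still needs the restart shown in Steps 3 and 5.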

Step 6 (Optional) :

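If you encounter any error, you can disable the profile. The symlink in /etc/apparmor.d/disable/ keeps the profile from being loaded and apparmor_parser -R unloads it from the kernel; the last command removes the symlink again, so run it only when you want the profile to be loaded again.

sudo ln -s /etc/apparmor.d/usr.sbin.apache2 /etc/apparmor.d/disable/
sudo apparmor_parser -R < /etc/apparmor.d/usr.sbin.apache2
sudo rm /etc/apparmor.d/disable/usr.sbin.apache2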

