https://github.com/nginx/nap-apparmor
Apparmor integration for NAP4/5
https://github.com/nginx/nap-apparmor
Last synced: 6 months ago
JSON representation
Apparmor integration for NAP4/5
- Host: GitHub
- URL: https://github.com/nginx/nap-apparmor
- Owner: nginx
- Created: 2025-06-23T15:49:36.000Z (7 months ago)
- Default Branch: main
- Last Pushed: 2025-07-03T11:30:09.000Z (6 months ago)
- Last Synced: 2025-07-03T12:25:04.088Z (6 months ago)
- Language: Shell
- Homepage:
- Size: 27.3 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# AppArmor Integration for NGINX App Protect WAF (NAP 4 & 5)
This project provides tools and documentation for integrating **NGINX App Protect WAF (NAP)** versions **4 and 5** with **AppArmor** on **Debian-based systems** (e.g., Ubuntu, Debian).
## Overview
AppArmor is a Linux security module that provides Mandatory Access Control (MAC). When deploying NGINX App Protect WAF, configuring appropriate AppArmor profiles ensures secure, least-privilege access for WAF components, improving system hardening.
This repository includes:
- Custom AppArmor profiles for NGINX and NAP components
- Scripts to apply and test profiles
- Sample test cases to trigger policy denials
- Tools to monitor and troubleshoot AppArmor violations
## Structure
.
├── nap4-apparmor/
│ ├── apparmor_policies/
│ ├── test_scripts/
│ ├── README.md
│ └── troubleshooting.md
├── nap5-apparmor/
│ ├── apparmor_policies/
│ ├── test_scripts/
│ ├── README.md
│ └── troubleshooting.md
└── README.md
## Requirements
- Debian 11+ or Ubuntu 20.04+ (AppArmor enabled)
- NGINX App Protect WAF v4 or v5 installed
- AppArmor tools: apparmor_parser, aa-status, aa-complain, etc.