1.6.1 - Configure AppArmor

1.6.1.1 - Ensure AppArmor is installed

Ensure that AppArmor is installed by running apt install apparmor

1.6.1.2 - Ensure AppArmor is enabled in the bootloader configuration

Then, ensure that AppArmor is enabled by adding apparmor=1 and security=apparmor to the GRUB_CMDLINE_LINUX line in /etc/default/grub.

Ex:

GRUB_CMDLINE_LINUX="apparmor=1 security=apparmor"

Then, run update-grub.

1.6.1.4 - Ensure all AppArmor Profiles are enforcing

Then, set all AppArmor profiles to enforcing by running aa-enforce /etc/apparmor.d/*. Then run apparmor_status | grep processes and make sure no processes are unconfined. If any are, create a profile for them.
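
The checks in 1.6.1.2 and 1.6.1.4 can be scripted so they are repeatable after every change. The following is an added example, not part of the original page: the function names are hypothetical, the sample status text is constructed, and it assumes apparmor_status prints its usual summary lines that start with a count.

```shell
# Added example (not from the original page): audit the checks in 1.6.1.2 and 1.6.1.4.

# Succeeds only if the GRUB_CMDLINE_LINUX line in file $1 carries both parameters.
grub_has_apparmor() {
    # The last assignment wins when the variable is set more than once.
    line=$(grep -E '^[[:space:]]*GRUB_CMDLINE_LINUX=' "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    args=$(printf '%s' "${line#*=}" | tr -d "\"'")
    have_enable=no; have_lsm=no
    for a in $args; do            # exact token match, so apparmor=0 never passes
        case $a in
            apparmor=1) have_enable=yes ;;
            security=apparmor) have_lsm=yes ;;
        esac
    done
    [ "$have_enable" = yes ] && [ "$have_lsm" = yes ]
}

# Reads apparmor_status output on stdin; prints the number that starts the
# summary line containing $1, or "missing" if there is no such line.
status_count() {
    awk -v pat="$1" 'index($0, pat) && $1 ~ /^[0-9]+$/ { print $1; hit = 1; exit }
                     END { if (!hit) print "missing" }'
}

# $1 = grub defaults file; stdin = apparmor_status output. Prints one line per failure.
audit_apparmor() {
    report=$(cat); rc=0
    grub_has_apparmor "$1" || { echo "FAIL 1.6.1.2: boot parameters not set in $1"; rc=1; }
    for what in "profiles are in complain mode" "processes are unconfined"; do
        n=$(printf '%s\n' "$report" | status_count "$what")
        [ "$n" = 0 ] || { echo "FAIL 1.6.1.4: $n $what"; rc=1; }
    done
    return "$rc"
}

# Constructed sample of apparmor_status output (not captured from a real host).
sample_status() {
    cat <<'EOF'
apparmor module is loaded.
12 profiles are loaded.
11 profiles are in enforce mode.
1 profiles are in complain mode.
3 processes have profiles defined.
2 processes are in enforce mode.
0 processes are in complain mode.
1 processes are unconfined but have a profile defined.
EOF
}
```

On a host, run it as root with apparmor_status piped into audit_apparmor /etc/default/grub; an exit status of 0 with no output means both checks passed.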