From 39c91c7513df60d72897dbfe2adb0833ec7c6d24 Mon Sep 17 00:00:00 2001 From: z3rOR0ne Date: Thu, 21 Jul 2022 15:48:57 -0700 Subject: [PATCH] :memo: Added extensive notation on installing apparmor --- updates.txt | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/updates.txt b/updates.txt index 11da160b..cef25eb9 100644 --- a/updates.txt +++ b/updates.txt @@ -35,3 +35,31 @@ After updating your nvim, make sure to run :LspInstallerInfo and update your lan Update rustup rustup update + +***Set up apparmor (basic security measure) + +doas pacman -S apparmor apparmor-runit audit audit-runit + +doas ln -s /etc/runit/sv/auditd /run/runit/service/ + +doas sv start auditd + +In /etc/rc/apparmor.conf, uncomment enforce mode + +In /etc/default/grub, rewrite the line at CMDLINE as such (be exact and careful here): + +GRUB_CMDLINE_LINUX="lsm=landlock,lockdown,yama,apparmor,bpf net.ifnames=0" + +grub-mkconfig -o /boot/grub/grub.cfg + +reboot + +If all went well run aa-enabled, which should yield "Yes" + +aa-enabled + +Now load simple defaults: + +doas apparmor_parser /usr/share/apparmor/extra-profiles/ + +And reboot again, you should have some sane security defaults now.
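Review bot: The last two added steps cancel each other out: "doas apparmor_parser /usr/share/apparmor/extra-profiles/" only loads those profiles into the running kernel, so the "And reboot again" that follows discards them. If the profiles are meant to persist, the note should say to copy the wanted ones into /etc/apparmor.d/ (assuming that is where the boot-time loader on this system reads from), and to confirm after the reboot with aa-status rather than only aa-enabled. Two smaller points in the same hunk. "grub-mkconfig -o /boot/grub/grub.cfg" is missing the doas prefix that the other privileged commands carry. And the instruction to rewrite GRUB_CMDLINE_LINUX "exactly" would drop any parameters already on that line and also adds net.ifnames=0, which has nothing to do with AppArmor. Suggest telling the reader to append lsm=landlock,lockdown,yama,apparmor,bpf to the existing value, and moving the interface-naming parameter to a separate note.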