Linux Mint has AppArmor built in

Started by someone, October 19, 2025, 04:05:14 AM

In case any Linux users don't know:
Thought I would mention that Linux Mint has endpoint protection built in.
It has default settings, but is readily changeable.
It's all command line, but not difficult; watch some YouTube videos.

If possible, please include a link to the video so users can find it faster.

Am, almost, sorry.

But what is the news? AppArmor or SELinux is default. Even in the CIS Benchmarks (Hardening Guidelines) it's standard.
Furthermore, this is not a Linux forum. OPNsense is built on UNIX.

Also, this is not an IDS, or even an IPS....

At least, to give you some useful information: Check AIDE...

AppArmor is an endpoint IPS, as are Wazuh and other third-party contributions,
which all help protect our operating system and OPNsense router.
I still can't get OPNsense to last more than around two weeks; anything that would help would be a help to us all.

November 15, 2025, 11:47:28 AM #4 Last Edit: November 15, 2025, 11:50:38 AM by fastboot
Your comments make it very clear that you are mixing up fundamental concepts, so let me clarify this with precision:

1. AppArmor is not an endpoint IPS.
It is a Mandatory Access Control mechanism. It limits process capabilities but does not inspect traffic, block intrusions, or act as a behavioral prevention system. Presenting it as an IPS shows a misunderstanding of its purpose.

2. Linux Mint does not offer "built-in endpoint protection".
Having AppArmor enabled by default is a basic security measure, not an EDR/XDR or IPS solution. Treating it as such misrepresents what it actually does.

3. Bringing Wazuh into this only demonstrates further confusion.
Wazuh is an entirely separate SIEM/XDR platform that requires a complete backend infrastructure. It is not related to Mint's default configuration and has no connection to AppArmor's functionality.

4. None of this applies to OPNsense.
OPNsense is based on FreeBSD. Linux MAC frameworks like AppArmor or SELinux do not apply here. Mentioning them as protection for OPNsense shows that you are discussing technologies from entirely different systems as if they were interchangeable.

If your OPNsense system becomes unstable after two weeks, you should focus on logs, configuration, hardware, or plugins. Linux security frameworks will not solve a FreeBSD issue.

And to avoid further confusion: OPNsense is a firewall platform, not a router.

This should settle the topic.

December 22, 2025, 01:56:53 AM #5 Last Edit: December 22, 2025, 02:30:38 AM by someone
Yes, AppArmor is endpoint protection. The Wazuh agent is a third-party add-on, which communicates from OPNsense to Wazuh. OPNsense has to be compatible with an operating system. It is also used to protect said operating system via firewall and IPS. OPNsense and its security is what drove people here, along with third-party apps and anything else that helps. I will continue to help OPNsense in that respect because it is top notch for security. OPNsense on its own is not enough; the cyber security world is ever evolving. There are changes in the works for OPNsense; I have made some of my own requests, such as encryption decoding and offloading. If you are confused, just say so.

December 22, 2025, 07:39:13 AM #6 Last Edit: December 22, 2025, 07:42:40 AM by fastboot
At this point it is worth asking who exactly you believe you are helping with this advice. 🤦

Anyone with a basic understanding of IDS/IPS, operating system architecture, or OPNsense will immediately recognize the technical errors. New users, on the other hand, would be actively misled by conflating Linux endpoint hardening with network-based intrusion prevention on a FreeBSD firewall.

Security advice that ignores platform boundaries and basic definitions is not just unhelpful, it is harmful. If I were looking for guidance, this is precisely the kind of commentary I would avoid, either by walking away or by treating it as intentional comedy. What it is...😁

This forum section exists to exchange accurate, actionable information. What you are providing is neither.

Last but not least: https://docs.opnsense.org/manual/wazuh-agent.html
Read the "Warning" carefully...

Today at 05:46:33 AM #7 Last Edit: Today at 06:26:06 AM by someone
If you are on Linux or similar, check if AppArmor is built in or available in your repository. After you do an update, install apparmor-utils, apparmor-profiles, apparmor-profiles-extra, apparmor-notify, and auditd to monitor everything. I have connections through the browser attacking my system, trying to break through AppArmor. It shows up in the auditd log file. It's a mile long. Using this as your endpoint protection, or a similar app, protects your operating system and the LAN-side backend of OPNsense, which is open and everything is allowed; that's how they were breaking my separate OPNsense router. The app called AppArmor can be more or less restrictive to suit your needs. I am using it on default. When the other extensions are installed, execute sudo systemctl restart apparmor, or just restart your computer. It updates the profiles. There are browser jails, but most research said they cause problems due to being too restrictive. Only use in extreme cases of attack. The auditd log will show the actual commands they tried to execute on your computer.

Hope this helps anyone experiencing intrusion through the browser or who just needs some more security. These are the kind of attacks Suricata is working on, but that will be in the future, maybe Suricata 9. We have to start decrypting, which will take more processing power; OPNsense may be split due to the size of the unit needed to do this. I mean more security will mean a bigger unit to run it all, or options on how much security is running with different-size router units, as they already do. Decrypting headers is one thing; decrypting the full payload and checking it is another.
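The post above points at the auditd log as the place where AppArmor denials show up. The script below is an added example, not code from the thread or from the AppArmor project: it parses audit records in the standard AppArmor audit format (`type=AVC ... apparmor="DENIED" operation="..." profile="..." name="..."`, which is assumed here; kernel-log lines carrying the same key=value pairs parse the same way) and summarises which profile was blocked from doing what, so a defender can triage a long log instead of reading it line by line. The log lines embedded in it are constructed samples, not real entries; the default path `/var/log/audit/audit.log` is the usual auditd location and is only used when you run the script directly.

```python
import re
from collections import Counter

# Constructed sample records in the assumed AppArmor audit format.
# They are illustrative only, not real log entries from any system.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.101:201): apparmor="DENIED" operation="open" profile="firefox" name="/etc/shadow" pid=4321 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1700000000.102:202): apparmor="DENIED" operation="exec" profile="firefox" name="/usr/bin/nc" pid=4321 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=AVC msg=audit(1700000000.103:203): apparmor="ALLOWED" operation="open" profile="firefox" name="/home/user/.mozilla/firefox/profile.ini" pid=4321 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1700000000.104:204): apparmor="DENIED" operation="open" profile="firefox" name="/etc/shadow" pid=4325 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1700000000.105:205): apparmor="STATUS" operation="profile_load" profile="unconfined" name="firefox" pid=900 comm="apparmor_parser"
type=SYSCALL msg=audit(1700000000.106:206): arch=c000003e syscall=59 success=yes exit=0 comm="bash"
Nov 15 11:47:28 host kernel: audit: type=1400 audit(1700000000.107:207): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=777 comm="cupsd" capability=12 capname="net_admin"
"""

# key=value or key="quoted value"; group 3 is the unquoted inner text when quotes were used
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_audit_line(line):
    """Turn one audit record into a dict of field name -> value (quotes stripped)."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        key, raw, quoted = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else raw
    return fields


def apparmor_denials(text):
    """Keep only records where AppArmor actually refused the operation.

    ALLOWED (complain mode) and STATUS (profile load/unload) records are
    noise for triage, as are non-AppArmor audit types such as SYSCALL.
    """
    denials = []
    for line in text.splitlines():
        rec = parse_audit_line(line)
        if rec.get("apparmor") == "DENIED":
            denials.append(rec)
    return denials


def target_of(rec):
    """Best-effort description of what was requested: a path, a capability, or '-'."""
    return rec.get("name") or rec.get("capname") or "-"


def summarize(denials):
    """Count denials by (profile, operation, target) so repeats stand out."""
    return Counter((d["profile"], d["operation"], target_of(d)) for d in denials)


def top_denials(text, n=5):
    """Most frequent (profile, operation, target) tuples, highest count first."""
    return summarize(apparmor_denials(text)).most_common(n)


def load_audit_log(path="/var/log/audit/audit.log"):
    """Read the auditd log; requires root on most systems."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


if __name__ == "__main__":
    # Run on the constructed sample; replace with load_audit_log() for a real box.
    for (profile, op, target), count in top_denials(SAMPLE_AUDIT_LOG):
        print(f"{count:4d}  {profile:<20} {op:<10} {target}")
```

A denial count that keeps climbing for the same profile and target (here, the browser profile repeatedly denied `open` on `/etc/shadow`) is the signal worth investigating; a one-off denial of a benign path usually means the profile is just too tight and wants adjusting with the aa-* tools from apparmor-utils.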