diff --git a/ecs-init/apparmor/apparmor.go b/ecs-init/apparmor/apparmor.go
index 67ddc2e4072..64a7871e6a7 100644
--- a/ecs-init/apparmor/apparmor.go
+++ b/ecs-init/apparmor/apparmor.go
@@ -22,6 +22,8 @@ profile ecs-agent-default flags=(attach_disconnected,mediate_deleted) {
 #include
 network,
+ # deny raw socket creation to prevent exploits that perform network attacks (arp, ip spoofing, etc.)
+ deny network socket,
 capability,
 file,
 umount,
@@ -31,7 +33,7 @@ profile ecs-agent-default flags=(attach_disconnected,mediate_deleted) {
 signal (send,receive) peer=ecs-agent-default,
 # ECS agent requires DBUS send
- dbus (send) bus=system,
+ dbus (send,receive) bus=system,
 deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
 # deny write to files not in /proc//** or /proc/sys/**
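Review bot: The added rule `deny network socket,` does not match its own comment: an AppArmor network rule takes an address family and/or a socket type (`inet`, `inet6`, `netlink`, `unix` / `raw`, `packet`, `stream`, ...), and `socket` is neither, so I would expect `apparmor_parser` to reject the profile rather than block raw sockets — worth confirming with `apparmor_parser -p` before this ships. The form Docker's default container profile uses for this purpose is `deny network raw,` and `deny network packet,`; since deny rules override the preceding blanket `network,` allow, the placement itself is fine. Be aware that `deny network raw,` also covers netlink SOCK_RAW sockets, which the agent may rely on for interface/ENI handling — if so, scope it to `deny network inet raw,` and `deny network inet6 raw,` instead. The profile string continues outside the hunk.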
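Review bot: The comment above the changed rule still reads `# ECS agent requires DBUS send`, but the rule now also grants `receive` on the system bus, so the comment should say what the receive side is for — as I recall, AppArmor implicitly allows replies to permitted method calls, so `receive` is only needed for signals or inbound calls, e.g. `# ECS agent sends method calls on, and receives signals from, the system bus`. The rule is unscoped (no `dest`, `path` or `interface`), so the new `receive` grant accepts messages from any peer on the bus; if the agent only needs a specific signal, consider narrowing it. The rest of the profile lies outside the hunk.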