Configuring And Using The Apparmor Desktop Monitor Applet - Novell LINUX ENTERPRISE SERVER 11 - SECURITY Manual

27.3.5 Deleting Reports
Delete a Report enables you to permanently remove a report from the list of Novell
AppArmor scheduled reports. To delete a report, follow these instructions:
1 To remove a report from the list of reports, highlight the report and click Delete.
2 From the confirmation pop-up, select Cancel if you do not want to delete the
selected report. If you are sure you want to remove the report permanently from
the list of reports, select Delete.
27.4 Configuring and Using the
AppArmor Desktop Monitor
Applet
The Linux audit framework contains a dispatcher that can send AppArmor events to
any consumer application via dbus. The GNOME AppArmor Desktop Monitor applet
is one example of an application that gathers AppArmor events via dbus. To configure
audit to use the dbus dispatcher, just set the dispatcher in your audit configuration in
/etc/audit/auditd.conf to apparmor-dbus and restart auditd:
dispatcher=/usr/bin/apparmor-dbus
Once the dbus dispatcher is configured correctly, add the AppArmor Desktop Monitor
to the GNOME panel by right-clicking the panel and selecting Add to Panel > AppArmor
Desktop Monitor. As soon as a REJECT event is logged, the applet's panel icon changes
appearance and you can click the applet to see the number of reject events per confined
application. To view the exact log messages, refer to the audit log under /var/log/
audit/audit.log. React to any REJECT events as described in
"Reacting to Security Event Rejections" (page 354).
Managing Profiled Applications
Section 27.5,
353