Novell APPARMOR Admin Manual page 61


Two Methods of Profiling
• Abo"r"t: Aborts logprof, dumping all rule changes entered so
far and leaving all profiles unmodified.
• "F"inish: Closes logprof, saving all rule changes entered so
far and modifying all profiles.
7. To view and edit your profile using vim, type vim
/etc/subdomain.d/profilename in a terminal window. To enable the
syntax coloring when you edit a Novell AppArmor profile in vim, use
the command ":syntax on" and then ":set syntax=subdomain". For more
information on vim and syntax coloring, refer to "Subdomain.vim" on
page 67.
Logprof
Logprof is an interactive tool used to review the learning/complain
mode output found in the syslog entries, then generate new entries in
Novell AppArmor security profiles.
When you run logprof, it begins to scan the log files produced in
learning/complain mode, and if there are new security events that are
not covered by the existing profile set, the user is prompted with
suggestions for modifying the profile. The learning/complain mode
traces program behavior and enters it in syslog. Logprof uses this
information to observe program behavior.
If a confined program forks and execs another program, logprof will
see this and ask the user which execution mode should be used when
launching the child process. The following execution modes are
options for starting the child process: ix, px, or ux. If a separate
profile exists for the child process, the default selection will be
px. If one doesn't exist, the profile will default to ix. Child
processes with separate profiles will be autodep'd and loaded into
Novell AppArmor, if it's running.
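
The default choice described above (px when the child already has its own profile, ix otherwise) can be modelled in a few lines of shell. This is an added example, not logprof's own code; the function names and the rule that a profile is recognised by a header line of the form "path {" in a file under the profile directory are assumptions.

```shell
#!/bin/sh
# Added example: models the default that logprof offers for a child exec.
# Assumption: a profile for a program is a file under the profile directory
# containing a header line whose first field is the program's absolute path
# and whose last field is "{".

PROFILE_DIR="${PROFILE_DIR:-/etc/subdomain.d}"

# has_profile CHILD_PATH -> exit 0 if some profile file declares CHILD_PATH
has_profile() {
    child=$1
    for f in "$PROFILE_DIR"/*; do
        [ -f "$f" ] || continue
        # Compare the first field literally, so the path needs no regex
        # escaping. A rule such as "/usr/bin/perl ix," inside another
        # profile does not match, because its last field is not "{".
        if awk -v p="$child" '$1 == p && $NF == "{" { found = 1 }
                              END { exit !found }' "$f"; then
            return 0
        fi
    done
    return 1
}

# default_exec_mode CHILD_PATH -> prints px or ix (ux is never a default)
default_exec_mode() {
    if has_profile "$1"; then echo px; else echo ix; fi
}

# suggest_rule CHILD_PATH -> prints the rule line for the parent profile
suggest_rule() {
    printf '  %s %s,\n' "$1" "$(default_exec_mode "$1")"
}
```

Being mentioned in a parent profile's rules does not give a child a profile of its own, so such a child still defaults to ix and runs under the parent's restrictions.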
When logprof exits, profiles are updated with the changes. If the
SubDomain module is running, the updated profiles are reloaded and if
any processes that generated security events are still running in the
null-complain-profile, those processes are set to run under their proper
profiles.
To run logprof, you have to type logprof into a terminal window while
logged in as root. The following options can also be used for logprof: