Novell APPARMOR Admin Manual page 62

User's Guide
• logprof -d /path/to/profile/directory/
Use this option to specify the full path to the location of the profiles if
the profiles are not located in the standard directory,
/etc/subdomain.d/.
• logprof -f /path/to/logfile/
Use this option to specify the full path to the location of the logfile if
the logfile is not located in the default directory, /var/log/messages/.
• logprof -m "string marker in logfile"
Use this option to mark the point in the system log where logprof
starts looking. logprof ignores all events in the system log before
the specified mark is seen. If the mark contains spaces, it must be
surrounded with quotes to work correctly. For example:
logprof -m "Jan 19 13:09:51"
Logprof scans through the log, asking you how to handle each logged
event. Each question presents a numbered list of Novell AppArmor
rules that could be added by pressing the number of the item on the
list.
By default, logprof looks for profiles in /etc/subdomain.d and
scans the log in /var/log/messages, so in many cases, just running
"logprof" as root will do the right thing.
However, there will be times when you need to search archived log
files, for example when the program exercise period exceeds the log
rotation window (that is, the log messages file has been archived and
a new log file started). In that case, you can type:
zcat -f `ls -1tr /var/log/messages*` | logprof -f -
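The following script is an added example, not part of the Novell manual. It combines the archived-log pipeline above with the -m marker option to preview which log lines remain once everything before the mark is ignored. The helper names events_after_mark and make_sample_logs are hypothetical, the log lines are constructed, and keeping the line that contains the mark is an assumption about where logprof starts.

```shell
#!/bin/sh
# Added example, not from the manual. Log lines below are constructed.

# events_after_mark DIR MARK  (hypothetical helper)
# Concatenate DIR/messages* oldest first, as the manual's zcat/ls pipeline
# does, then keep only the lines from the first one containing MARK onward.
events_after_mark() {
    eam_dir=$1
    eam_mark=$2
    # ls -1tr orders by modification time, oldest first; zcat -f decompresses
    # gzip archives and passes plain files through unchanged.
    # Assumes log file names contain no whitespace.
    ( cd "$eam_dir" && zcat -f $(ls -1tr messages*) ) |
        awk -v mark="$eam_mark" 'seen || index($0, mark) { seen = 1; print }'
}

# make_sample_logs  (hypothetical helper)
# Build a rotated, compressed archive plus a current log in a temp directory
# and print the directory name.
make_sample_logs() {
    msl_dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'Jan 19 12:58:03 host kernel: constructed sample event 1' \
        'Jan 19 13:09:51 host kernel: constructed sample event 2' \
        'Jan 19 13:10:02 host kernel: constructed sample event 3' \
        > "$msl_dir/messages-1"
    gzip "$msl_dir/messages-1"                 # becomes messages-1.gz
    printf '%s\n' \
        'Jan 20 08:00:00 host kernel: constructed sample event 4' \
        > "$msl_dir/messages"
    # Give the files the modification times real rotation would leave behind.
    touch -t 200601191400 "$msl_dir/messages-1.gz"
    touch -t 200601200900 "$msl_dir/messages"
    printf '%s\n' "$msl_dir"
}

# Demo: events 2, 3 and 4 are printed; event 1 precedes the mark.
demo_dir=$(make_sample_logs)
events_after_mark "$demo_dir" "Jan 19 13:09:51"
rm -rf "$demo_dir"
```

If only the current messages file is read, the mark in the rotated archive is never seen and no events are left to process.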
Logprof Example 1
Following is an example of how logprof will address httpd2-prefork
accessing the file /etc/group. The example uses [] to
indicate the default option.
In this example, the access to /etc/group is part of httpd2-prefork
accessing nameservices. The appropriate response is 1, which
pulls in a pre-defined set of Novell AppArmor rules. Selecting 1 to
#include the nameservice package forestalls all of the future questions
pertaining to DNS lookups, and also makes the profile less brittle, in