Managing Profiled Applications; Monitoring Your Secured Applications; Setting Up Event Notification - Novell APPARMOR Admin Manual

U s e r ' s G u i d e
Chapter 5 Managing Profiled Applications
After creating profiles and Immunizing your applications, the SLES 9
system will be more efficient and better protected if you perform Novell
AppArmor profile maintenance, which involves tracking common
issues and concerns. You can deal with common issues and concerns
before they become a problem by setting up event notification via
email, running periodic reports, updating profiles from system log
entries (which is essentially running the logprof tool through the
YaST GUI) and dealing with maintenance issues. Instructions on how
to perform each of these tasks are available:
• Monitoring Your Secured Applications, see page 72.
• Maintaining Your Security Profiles, see page 76.

Monitoring Your Secured Applications

Applications that are confined by Novell AppArmor security profiles will
generate messages when applications execute in unexpected ways, or
outside of their specified profile. These messages can be monitored by
event notification, generating periodic reports, or integration into a 3rd
party reporting mechanism. The following sections provide detail on
how to use these features and where to find additional resources.
• Setting Up Event Notification, see page 72.
• Reports, see page 74.
• Reacting to Security Events, see page 76.

Setting Up Event Notification

Security event notification is a Novell AppArmor feature that informs
you when systemic SubDomain activity occurs. When you enter an
email address, you are notified via email when SubDomain Security
events occur. You can enable three types of notifications, which are:
• Terse:Terse notification summarizes the total number of system
events without giving details. For example:
72