Building And Modifying Profiles - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual


Network Agents
Web Applications
Cron Jobs
To find out which processes are currently running with open network ports and might
need a profile to confine them, run aa-unconfined as root.
Example 19.1 Output of aa-unconfined
19848 /usr/sbin/cupsd not confined
19887 /usr/sbin/sshd not confined
19947 /usr/lib/postfix/master not confined
29205 /usr/sbin/sshd confined by '/usr/sbin/sshd (enforce)'
Each of the processes in the above example labeled not confined might need a
custom profile to confine it. Those labeled confined by are already protected by
AppArmor.
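The triage below is an added example, not part of the manual. It reads output in the format of Example 19.1 and separates unconfined processes whose binary has no confined instance from those where another instance of the same binary is already confined (as with sshd above), which suggests a profile is loaded and the older process was started before it. The function names and the NEEDS_PROFILE and NEEDS_RESTART labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify aa-unconfined output (format as in Example 19.1).

# Constructed sample input: the four lines shown in Example 19.1.
sample_output() {
cat <<'EOF'
19848 /usr/sbin/cupsd not confined
19887 /usr/sbin/sshd not confined
19947 /usr/lib/postfix/master not confined
29205 /usr/sbin/sshd confined by '/usr/sbin/sshd (enforce)'
EOF
}

# Reads aa-unconfined output on stdin and prints one line per unconfined PID:
#   NEEDS_PROFILE <pid> <path>  no instance of this binary is confined
#   NEEDS_RESTART <pid> <path>  another instance is confined, so a profile is
#                               loaded; this PID likely predates it (inference)
triage_unconfined() {
    awk '
    $1 !~ /^[0-9]+$/ { next }                    # skip anything that is not "PID ..."
    {
        rest = $0
        sub(/^[ \t]*[0-9]+[ \t]+/, "", rest)     # drop the leading PID
        if (rest ~ / not confined$/) {
            path = rest
            sub(/ not confined$/, "", path)
            n++; upid[n] = $1; upath[n] = path   # remember in input order
        } else if ((i = index(rest, " confined by ")) > 0) {
            confined[substr(rest, 1, i - 1)] = 1 # binary with a live profile
        }
    }
    END {
        for (k = 1; k <= n; k++)
            printf "%s %s %s\n", \
                ((upath[k] in confined) ? "NEEDS_RESTART" : "NEEDS_PROFILE"), \
                upid[k], upath[k]
    }'
}

# Offline demonstration on the constructed sample.
# On a live system, as root: aa-unconfined | triage_unconfined
sample_output | triage_unconfined
```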
TIP: For More Information
For more information about choosing the right applications to profile, refer to Section 20.2, "Determining Programs to Immunize"

19.4 Building and Modifying Profiles

Novell AppArmor on SUSE Linux Enterprise Desktop ships with a preconfigured set
of profiles for the most important applications. In addition to that, you can use AppArmor
to create your own profiles for any application you want.
There are two ways of managing profiles. One is to use the graphical front-end provided
by the YaST Novell AppArmor modules and the other is to use the command line tools
provided by the AppArmor suite itself. Both methods basically work the same way.
For each application, perform the following steps to create a profile:
1 As root, let AppArmor create a rough outline of the application's profile by running aa-genprof programname
or
(page 190).
