Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 205
Hide thumbs
Also See for LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009:
- Administration manual (338 pages) ,
- Deployment manual (246 pages) ,
- Application manual (364 pages)
Table of Contents
Advertisement
NOTE
aa-unconfined requires root privileges and should not be run from a shell
that is confined by an AppArmor profile.
aa-unconfined does not distinguish between one network interface and another,
so it reports all unconfined processes, even those that might be listening to an internal
LAN interface.
Finding user network client applications is dependent on your user preferences. The
aa-unconfined tool detects and reports network ports opened by client applications,
but only those client applications that are running at the time the aa-unconfined
analysis is performed. This is a problem because network services tend to be running
all the time, while network client applications tend only to be running when the user is
interested in them.
Applying Novell AppArmor profiles to user network client applications is also dependent
on user preferences. Therefore, we leave profiling of user network client applications
as an exercise for the user.
To aggressively confine desktop applications, the aa-unconfined command supports
a paranoid option, which reports all processes running and the corresponding App-
Armor profiles that might or might not be associated with each process. The user can
then decide whether each of these programs needs an AppArmor profile.
If you have new or modified profiles, you can submit them to the apparmor-gener-
al@forge.novell.com [mailto:apparmor-general@forge.novell.com]
mailing list along with a use case for the application behavior that you exercised. The
AppArmor team reviews and may submit the work into SUSE Linux Enterprise Desktop.
We cannot guarantee that every profile will be included, but we make a sincere effort
to include as much as possible so that end users can contribute to the security profiles
that ship in SUSE Linux Enterprise Desktop.
Alternatively, use the AppArmor profile repository to make your profiles available to
other users and to download profiles created by other AppArmor users and the AppArmor
developers. Refer to
Section 22.2, "Using the External Repository"
information on how to use the AppArmor profile repository.
(page 222) for more
Immunizing Programs
193
Advertisement
Table of Contents
Related Manuals for Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009
Related Products for Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009
- NOVELL EDIRECTORY 8.8 SP2 - GUIDE 10-2007
- NOVELL EDIRECTORY 8.8 SP5 - GUIDE 12-2009
- NOVELL IDENTITY MANAGER 3.6.1 - WORKORDER DRIVER IMPLEMENTATION GUIDE 18-12-2009
- NOVELL LINUX ENTERPRISE 11 - SUBSCRIPTION MANAGEMENT TOOL GUIDE 10-02-2009
- NOVELL OPEN ENTERPRISE SERVER - CONVERSION GUIDE 12-2010
- NOVELL OPEN ENTERPRISE SERVER 2 SP2 - PLANING AND IMPLEMENTATION GUIDE 11-10-2009
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - UPGARDE GUIDE 10-09-2009
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - VIRTUAL MACHINE MANAGEMENT GUIDE 10-17-2009
- NOVELL PRODUCT NAME 10.3 - DEPLOYING ZENWORKS ON CITRIX SERVER BEST PRACTICES GUIDE 12-13-2010
- NOVELL SERVER CONSOLIDATION MIGRATION TOOLKIT 1.1 - ADMINISTRATION GUIDE 12-23-2005
- NOVELL ZENWORKS APPLICATION VIRTUALIZATION 8.0.2 - INTEGRATION AND STREAMING GUIDE 11-2010
- NOVELL ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010
- NOVELL CUSTOMER CENTER 2.3 - GUIDE 4-8-2009
- NOVELL IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE 08-15-2006
- NOVELL LINUX ENTERPRISE SERVER 10 - START-UP GUIDE 06-12-2006
- NOVELL LINUX ENTERPRISE SERVER 10 SP2 - STORAGE ADMINISTRATION GUIDE 05-15-2009