Auditing Rules - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual
Hide thumbs
Also See for LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009:
- Administration manual (338 pages) ,
- Deployment manual (246 pages) ,
- Application manual (364 pages)
Table of Contents
Advertisement
fsize, nofile, locks, sigpending, nproc
a number greater or equal to 0
nice
a value between -20 and 19
*
The nproc rlimit is handled different than all the other rlimits. Instead of indicating
the standard process rlimit it controls the maximum number of processes that can be
running under the profile at any given time. Once the limit is exceeded the creation of
new processes under the profile will fail until the number of currently running processes
is reduced.
NOTE
Currently the tools can not be used to add rlimit rules to profiles. The only way
to add rlimit controls to a profile is manually edit the profile with a text editor.
The tools will still work with profiles containing rlimit rules and will not remove
them, so it is safe to use the tools to update profiles containing them.
21.10 Auditing Rules
AppArmor provides the ability to audit given rules so that when they are matched an
audit message will appear in the audit log. To enable audit messages for a given rule
the audit keyword is prepended to the rule:
audit /etc/foo/*
If it is desirable to audit only a given permission the rule can be split into two rules.
The following example will result in audit messages when files are opened for writing,
but not when they are opened for just reading:
audit /etc/foo/*
/etc/foo/*
NOTE
Audit messages are not generated for every read or write of a file but only
when a file is opened for read or write.
218
Security Guide
rw,
w,
r,
*
, rtprio
Advertisement
Table of Contents
