Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 264
Hide thumbs
Also See for LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009:
- Administration manual (338 pages) ,
- Deployment manual (246 pages) ,
- Application manual (364 pages)
Table of Contents
Advertisement
24.6.1 Stand-Alone Profiling
Stand-alone profile generation and improvement is managed by a program called aa-
genprof. This method is easy because aa-genprof takes care of everything, but is limited
because it requires aa-genprof to run for the entire duration of the test run of your pro-
gram (you cannot reboot the machine while you are still developing your profile).
To use aa-genprof for the stand-alone method of profiling, refer to
prof—Generating Profiles"
24.6.2 Systemic Profiling
This method is called systemic profiling because it updates all of the profiles on the
system at once, rather than focusing on the one or few targeted by aa-genprof or stand-
alone profiling. With systemic profiling, profile construction and improvement are
somewhat less automated, but more flexible. This method is suitable for profiling long-
running applications whose behavior continues after rebooting or a large number of
programs all at once.
Build an AppArmor profile for a group of applications as follows:
1 Create profiles for the individual programs that make up your application.
2 Put relevant profiles into learning or complain mode.
252
Security Guide
Although this approach is systemic, AppArmor only monitors those programs
with profiles and their children. To get AppArmor to consider a program, you
must at least have aa-autodep create an approximate profile for it. To create this
approximate profile, refer to
files"
(page 254).
Activate learning or complain mode for all profiled programs by entering
aa-complain /etc/apparmor.d/* in a terminal window while logged
in as root. This functionality is also available through the YaST Profile Mode
module, described in
(page 244).
When in learning mode, access requests are not blocked even if the profile dictates
that they should be. This enables you to run through several tests (as shown in
(page 257).
Section "aa-autodep—Creating Approximate Pro-
Section 23.6.2, "Changing the Mode of Individual Profiles"
Section "aa-gen-
Advertisement
Table of Contents
Related Manuals for Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009
Related Products for Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009
- NOVELL EDIRECTORY 8.8 SP2 - GUIDE 10-2007
- NOVELL EDIRECTORY 8.8 SP5 - GUIDE 12-2009
- NOVELL IDENTITY MANAGER 3.6.1 - WORKORDER DRIVER IMPLEMENTATION GUIDE 18-12-2009
- NOVELL LINUX ENTERPRISE 11 - SUBSCRIPTION MANAGEMENT TOOL GUIDE 10-02-2009
- NOVELL OPEN ENTERPRISE SERVER - CONVERSION GUIDE 12-2010
- NOVELL OPEN ENTERPRISE SERVER 2 SP2 - PLANING AND IMPLEMENTATION GUIDE 11-10-2009
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - UPGARDE GUIDE 10-09-2009
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - VIRTUAL MACHINE MANAGEMENT GUIDE 10-17-2009
- NOVELL PRODUCT NAME 10.3 - DEPLOYING ZENWORKS ON CITRIX SERVER BEST PRACTICES GUIDE 12-13-2010
- NOVELL SERVER CONSOLIDATION MIGRATION TOOLKIT 1.1 - ADMINISTRATION GUIDE 12-23-2005
- NOVELL ZENWORKS APPLICATION VIRTUALIZATION 8.0.2 - INTEGRATION AND STREAMING GUIDE 11-2010
- NOVELL ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010
- NOVELL CUSTOMER CENTER 2.3 - GUIDE 4-8-2009
- NOVELL IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE 08-15-2006
- NOVELL LINUX ENTERPRISE SERVER 10 - START-UP GUIDE 06-12-2006
- NOVELL LINUX ENTERPRISE SERVER 10 SP2 - STORAGE ADMINISTRATION GUIDE 05-15-2009