Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 266

8 Rescan all profiles.
24.6.3 Summary of Profiling Tools

All of the AppArmor profiling utilities are provided by the apparmor-utils RPM package and are stored in /usr/sbin. Each tool has a different purpose.

aa-autodep—Creating Approximate Profiles

This creates an approximate profile for the program or application selected. You can generate approximate profiles for binary executables and interpreted script programs. The resulting profile is called "approximate" because it does not necessarily contain all of the profile entries that the program needs to be properly confined by AppArmor. The minimum aa-autodep approximate profile has at least a base include directive, which contains basic profile entries needed by most programs. For certain types of programs, aa-autodep generates a more expanded profile. The profile is generated by recursively calling ldd(1) on the executables listed on the command line.

To generate an approximate profile, use the aa-autodep program. The program argument can be either the simple name of the program, which aa-autodep finds by searching your shell's path variable, or it can be a fully qualified path. The program itself can be of any type (ELF binary, shell script, Perl script, etc.). aa-autodep generates an approximate profile to improve through the dynamic profiling that follows.

The resulting approximate profile is written to the /etc/apparmor.d directory using the AppArmor profile naming convention of naming the profile after the absolute path of the program, replacing the forward slash (/) characters in the path with period (.) characters. The general form of aa-autodep is to enter the following in a terminal window when logged in as root:

available through the YaST Profile Mode module, described in Section 23.6.2, "Changing the Mode of Individual Profiles" (page 244).

To ensure that all profiles are taken out of complain mode and put into enforce mode, enter aa-enforce /etc/apparmor.d/*.

To have AppArmor rescan all of the profiles and change the enforcement mode in the kernel, enter rcapparmor restart.
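
The profile naming convention and the complain/enforce distinction described on this page, as an added shell example that is not part of the guide. The helper names profile_path and profile_mode and the PROFILE_DIR override are this example's own; it assumes the leading slash is dropped from the file name (as in usr.sbin.ntpd) and that complain mode appears as flags=(complain) in the profile header.

```shell
#!/bin/sh
# Added example (not from the guide): locate a program's AppArmor profile
# file and report whether that file marks the profile as complain or enforce.

# Assumption: PROFILE_DIR may be overridden to try this on a scratch directory.
PROFILE_DIR="${PROFILE_DIR:-/etc/apparmor.d}"

# profile_path PROGRAM
# PROGRAM is a simple name (searched in $PATH) or a fully qualified path.
# Prints PROFILE_DIR/<path with leading "/" dropped and other "/" as ".">.
profile_path() {
    case "$1" in
        /*) abs=$1 ;;
        *)  abs=$(command -v "$1" 2>/dev/null) || return 1 ;;
    esac
    # Builtins, functions and aliases resolve to a bare name: no file to confine.
    case "$abs" in
        /*) ;;
        *)  return 1 ;;
    esac
    printf '%s/%s\n' "$PROFILE_DIR" "$(printf '%s' "${abs#/}" | tr '/' '.')"
}

# profile_mode FILE
# Prints "missing", "complain" or "enforce" from the profile text on disk.
# The kernel keeps the old mode until the profiles are reloaded
# (rcapparmor restart in the guide).
profile_mode() {
    [ -f "$1" ] || { echo missing; return 0; }
    # Ignore comment lines, then look for a complain flag on a profile header.
    if grep -v '^[[:space:]]*#' "$1" | grep -Eq 'flags=\([^)]*complain[^)]*\)'; then
        echo complain
    else
        echo enforce
    fi
}

# Report each program named on the command line.
for prog in "$@"; do
    if file=$(profile_path "$prog"); then
        printf '%s\t%s\t%s\n' "$prog" "$file" "$(profile_mode "$file")"
    else
        printf '%s\tnot found in PATH\n' "$prog" >&2
    fi
done
```

Run it with program names or absolute paths as arguments; a profile still reported as complain after aa-enforce has not been rewritten on disk.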
