Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 267

aa-autodep [ -d /path/to/profiles ] [program1 program2...]
If you do not enter the program name or names, you are prompted for them.
/path/to/profiles overrides the default location of /etc/apparmor.d,
should you keep profiles in a location other than the default.
To begin profiling, you must create profiles for each main executable service that is
part of your application (anything that might start without being a child of another
program that already has a profile). Finding all such programs depends on the application
in question. Here are several strategies for finding such programs:
Directories
If all the programs to profile are in one directory and there are no other programs
in that directory, the simple command
aa-autodep /path/to/your/programs/*
creates basic profiles for all programs in that directory.
ps command
You can run your application and use the standard Linux ps command to find all
processes running. Then manually hunt down the location of these programs and
run aa-autodep for each one. If the programs are in your path, aa-autodep
finds them for you. If they are not in your path, the standard Linux command find
might be helpful in finding your programs. Execute
find / -name 'my_application' -print
to determine an application's path (my_application being an example application).
You may use wildcards if appropriate.
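The ps strategy above, as an added example that is not part of the Novell guide: it resolves the executable of every running process through /proc/PID/exe rather than hunting paths down by hand, then reports which ones still have no profile file and are candidates for aa-autodep. Assumptions: a Linux /proc file system, and the default profile file naming in which the executable path with "/" replaced by "." is the file name; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find running programs that still need aa-autodep.
# Assumption: profile files are named after the executable path with the
# leading "/" dropped and the remaining "/" replaced by "."
# (for example /usr/sbin/foo -> usr.sbin.foo).

# Print the executable path of every running process, one per line, deduplicated.
running_executables() {
    for link in /proc/[0-9]*/exe; do
        # Kernel threads and other users' processes have no readable exe link.
        exe=$(readlink "$link" 2>/dev/null) || continue
        # Skip binaries removed or replaced on disk since the process started.
        case $exe in *' (deleted)') continue ;; esac
        printf '%s\n' "$exe"
    done | sort -u
}

# Map an executable path to its profile file name.
profile_name() {
    printf '%s\n' "$1" | sed -e 's|^/||' -e 's|/|.|g'
}

# Read executable paths on stdin and report, against profile directory $1:
#   unprofiled  no profile file yet (candidate for aa-autodep)
#   complain    profile file carries the complain flag
#   profiled    profile file exists without the complain flag
profile_status() {
    dir=${1:-/etc/apparmor.d}
    while IFS= read -r exe; do
        [ -n "$exe" ] || continue
        file=$dir/$(profile_name "$exe")
        if [ ! -f "$file" ]; then
            printf 'unprofiled %s\n' "$exe"
        elif grep -Eq 'flags=\([^)]*complain' "$file"; then
            printf 'complain %s\n' "$exe"
        else
            printf 'profiled %s\n' "$exe"
        fi
    done
}

# Usage: running_executables | profile_status /etc/apparmor.d
```

The status reflects the profile files on disk only, not what is currently loaded into the kernel. Run it as root so that the exe links of all processes are readable.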
aa-complain—Entering Complain or Learning Mode
The complain or learning mode tool (aa-complain) detects violations of AppArmor
profile rules, such as the profiled program accessing files not permitted by the profile.
The violations are permitted, but also logged. To improve the profile, turn complain
mode on, run the program through a suite of tests to generate log events that characterize
the program's access needs, then postprocess the log with the AppArmor tools to
transform log events into improved profiles.
Manually activating complain mode (using the command line) adds a flag to the top of
the profile so that /bin/foo becomes /bin/foo flags=(complain). To use
complain mode, open a terminal window and enter one of the following lines as root:
Building Profiles from the Command Line