Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 271

4. Marks the log with a beginning marker of log events to consider. For exam-
ple:
Sep 13 17:48:52 figwit root: GenProf:
e2ff78636296f16d0b5301209a04430d
3 When prompted by the tool, run the application to profile in another terminal
window and perform as many of the application functions as possible. Thus, the
learning mode can log the files and directories to which the program requires
access in order to function properly. For example, in a new terminal window,
enter rcapache2 start.
4 Select from the following options that are available in the aa-logprof terminal
window after you have executed the program function:
• S runs aa-logprof on the system log from where it was marked when aa-
genprof was started and reloads the profile. If system events exist in the log,
AppArmor parses the learning mode log files. This generates a series of
questions that you must answer to guide aa-genprof in generating the security
profile.
• F exits the tool and returns to the main menu.
NOTE
If requests to add hats appear, proceed to
Applications Using ChangeHat
5 Answer two types of questions:
• A resource is requested by a profiled program that is not in the profile (see
Example 24.1, "Learning Mode Exception: Controlling Access to Specific
Resources" (page 260)).
• A program is executed by the profiled program and the security domain
transition has not been defined (see
tion: Defining Execute Permissions for an Entry"
Chapter 25, Profiling Your Web
(page 275).
Example 24.2, "Learning Mode Excep-
(page 262)).
Building Profiles from the Command Line 259