Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 278
Hide thumbs
Also See for LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009:
- Administration manual (338 pages) ,
- Deployment manual (246 pages) ,
- Application manual (364 pages)
Table of Contents
Advertisement
aa-logprof—Scanning the System Log
aa-logprof is an interactive tool used to review the learning or complain mode output
found in the log entries in /var/log/audit/audit.log or /var/log/
messages (if auditd is not running) and generate new entries in AppArmor security
profiles.
When you run aa-logprof, it begins to scan the log files produced in learning or complain
mode and, if there are new security events that are not covered by the existing profile
set, it gives suggestions for modifying the profile. The learning or complain mode traces
program behavior and enters it in the log. aa-logprof uses this information to observe
program behavior.
If a confined program forks and executes another program, aa-logprof sees this and
asks the user which execution mode should be used when launching the child process.
The execution modes ix, px, Px, ux, and Ux are options for starting the child process.
If a separate profile exists for the child process, the default selection is px. If one does
not exist, the profile defaults to ix. Child processes with separate profiles have aa-autodep
run on them and are loaded into AppArmor, if it is running.
When aa-logprof exits, profiles are updated with the changes. If the AppArmor module
is running, the updated profiles are reloaded and, if any processes that generated secu-
rity events are still running in the null-complain-profile, those processes are set to run
under their proper profiles.
TIP: Support for the External Profile Repository
Similar to the aa-genprof, aa-logprof also supports profile exchange with the
external repository server. For background information on the use of the exter-
nal AppArmor profile repository, refer to
Repository"
to the server, check the procedure described under
erating Profiles"
To run aa-logprof, enter aa-logprof into a terminal window while logged in as
root. The following options can be used for aa-logprof:
266
Security Guide
(page 222). For details on how to configure access and access mode
(page 257).
Section 22.2, "Using the External
Section "aa-genprof—Gen-
Advertisement
Table of Contents
Related Manuals for Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009
Related Products for Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009
- NOVELL EDIRECTORY 8.8 SP2 - GUIDE 10-2007
- NOVELL EDIRECTORY 8.8 SP5 - GUIDE 12-2009
- NOVELL IDENTITY MANAGER 3.6.1 - WORKORDER DRIVER IMPLEMENTATION GUIDE 18-12-2009
- NOVELL LINUX ENTERPRISE 11 - SUBSCRIPTION MANAGEMENT TOOL GUIDE 10-02-2009
- NOVELL OPEN ENTERPRISE SERVER - CONVERSION GUIDE 12-2010
- NOVELL OPEN ENTERPRISE SERVER 2 SP2 - PLANING AND IMPLEMENTATION GUIDE 11-10-2009
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - UPGARDE GUIDE 10-09-2009
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - VIRTUAL MACHINE MANAGEMENT GUIDE 10-17-2009
- NOVELL PRODUCT NAME 10.3 - DEPLOYING ZENWORKS ON CITRIX SERVER BEST PRACTICES GUIDE 12-13-2010
- NOVELL SERVER CONSOLIDATION MIGRATION TOOLKIT 1.1 - ADMINISTRATION GUIDE 12-23-2005
- NOVELL ZENWORKS APPLICATION VIRTUALIZATION 8.0.2 - INTEGRATION AND STREAMING GUIDE 11-2010
- NOVELL ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010
- NOVELL CUSTOMER CENTER 2.3 - GUIDE 4-8-2009
- NOVELL IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE 08-15-2006
- NOVELL LINUX ENTERPRISE SERVER 10 - START-UP GUIDE 06-12-2006
- NOVELL LINUX ENTERPRISE SERVER 10 SP2 - STORAGE ADMINISTRATION GUIDE 05-15-2009