7 Managing Profiled Applications; Monitoring Your Secured Applications - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual
Hide thumbs
Also See for LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009:
- Administration manual (338 pages) ,
- Deployment manual (246 pages) ,
- Application manual (364 pages)
Table of Contents
Advertisement
27
Managing Profiled
Applications
After creating profiles and immunizing your applications, SUSE® Linux Enterprise
Desktop becomes more efficient and better protected if you perform Novell® AppArmor
profile maintenance, which involves analyzing log files and refining your profiles as
well as backing up your set of profiles and keeping it up-to-date. You can deal with
these issues before they become a problem by setting up event notification by e-mail,
running periodic reports, updating profiles from system log entries by running the aa-
logprof tool through YaST, and dealing with maintenance issues.
27.1 Monitoring Your Secured
Applications
Applications that are confined by Novell AppArmor security profiles generate messages
when applications execute in unexpected ways or outside of their specified profile.
These messages can be monitored by event notification, periodic report generation, or
integration into a third-party reporting mechanism.
For reporting and alerting, AppArmor uses a userspace daemon
(/usr/sbin/aa-eventd). This daemon monitors log traffic, sends out notifications,
and runs scheduled reports. It does not require any end user configuration and it is
started automatically as part of the security event notification through the YaST App-
Armor Control Panel or by the configuration of scheduled reports in the YaST AppArmor
Reports module.
Managing Profiled Applications
289
Advertisement
Table of Contents
