Reacting To Security Event Rejections; Maintaining Your Security Profiles - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual

27.5 Reacting to Security Event Rejections
When you receive a security event rejection, examine the access violation and determine
if that event indicated a threat or was part of normal application behavior. Application-specific
knowledge is required to make the determination. If the rejected action is part
of normal application behavior, run aa-logprof at the command line or the Update
Profile Wizard in Novell AppArmor to update your profile.
If the rejected action is not part of normal application behavior, this access should be
considered a possible intrusion attempt (that was prevented) and this notification should
be passed to the person responsible for security within your organization.
27.6 Maintaining Your Security Profiles
In a production environment, you should plan on maintaining profiles for all of the
deployed applications. The security policies are an integral part of your deployment. You
should plan on taking steps to back up and restore security policy files, plan for software
changes, and allow any needed modification of security policies that your environment
dictates.
27.6.1 Backing Up Your Security Profiles
Because you take the time to make profiles, it makes sense to back them up. Backing
up profiles might save you from having to reprofile all your programs after a disk crash.
Also, if profiles are changed, you can easily restore previous settings by using the
backed up files.
Back up profiles by copying the profile files to a specified directory.
1 You should first archive the files into one file. To do this, open a terminal window
and enter the following as root:
tar zclpf profiles.tgz /etc/apparmor.d
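
The backup step above can be extended with an integrity check and a way to see which profiles changed since the backup was taken. The following is an added example, not part of the Novell manual; the function names, the timestamped archive naming and the use of sha256sum are assumptions.

```shell
# Added example (not from the manual): back up a profile directory, verify
# the archive, list profiles changed since the backup, and restore them.
# Function names and the archive naming scheme are assumptions.

# backup_profiles SRC_DIR DEST_DIR -> prints the path of the new archive
backup_profiles() {
    local src="$1" dest="$2" stamp archive name
    stamp=$(date +%Y%m%d-%H%M%S)
    name="profiles-$stamp.tgz"
    archive="$dest/$name"
    mkdir -p "$dest" || return 1
    # -C stores paths relative to SRC_DIR, so a restore can target any directory
    tar -czpf "$archive" -C "$src" . || return 1
    # Keep a checksum beside the archive to detect corruption or tampering
    ( cd "$dest" && sha256sum "$name" > "$name.sha256" ) || return 1
    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE -> returns 0 if the checksum matches and tar can read it
verify_backup() {
    local archive="$1" name
    name=$(basename "$archive")
    ( cd "$(dirname "$archive")" && sha256sum -c "$name.sha256" >/dev/null 2>&1 ) || return 1
    tar -tzf "$archive" >/dev/null 2>&1
}

# changed_profiles ARCHIVE SRC_DIR -> prints one line per file that differs
changed_profiles() {
    local archive="$1" src="$2" tmp
    tmp=$(mktemp -d) || return 1
    tar -xzpf "$archive" -C "$tmp" || { rm -rf "$tmp"; return 1; }
    # diff exits 1 when files differ; the pipeline reports sed's status instead
    diff -rq "$tmp" "$src" | sed -e "s|$tmp|backup|g"
    rm -rf "$tmp"
}

# restore_profiles ARCHIVE DEST_DIR -> unpack a verified backup over DEST_DIR
# Files created after the backup are left in place, not deleted.
restore_profiles() {
    local archive="$1" dest="$2"
    verify_backup "$archive" || return 1
    mkdir -p "$dest" && tar -xzpf "$archive" -C "$dest"
}
```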
