Novell LINUX ENTERPRISE SERVER 11 - SECURITY Manual page 320
Hide thumbs
Also See for LINUX ENTERPRISE SERVER 11 - SECURITY:
- Installation (5 pages) ,
- Administration manual (452 pages)
Table of Contents
Advertisement
aa-logprof—Scanning the System Log
aa-logprof is an interactive tool used to review the learning or complain mode output
found in the log entries in /var/log/audit/audit.log or /var/log/
messages (if auditd is not running) and generate new entries in AppArmor security
profiles.
When you run aa-logprof, it begins to scan the log files produced in learning or complain
mode and, if there are new security events that are not covered by the existing profile
set, it gives suggestions for modifying the profile. The learning or complain mode traces
program behavior and enters it in the log. aa-logprof uses this information to observe
program behavior.
If a confined program forks and executes another program, aa-logprof sees this and
asks the user which execution mode should be used when launching the child process.
The execution modes ix, px, Px, ux, and Ux are options for starting the child process.
If a separate profile exists for the child process, the default selection is px. If one does
not exist, the profile defaults to ix. Child processes with separate profiles have aa-autodep
run on them and are loaded into AppArmor, if it is running.
When aa-logprof exits, profiles are updated with the changes. If the AppArmor module
is running, the updated profiles are reloaded and, if any processes that generated secu-
rity events are still running in the null-complain-profile, those processes are set to run
under their proper profiles.
TIP: Support for the External Profile Repository
Similar to the aa-genprof, aa-logprof also supports profile exchange with the
external repository server. For background information on the use of the exter-
nal AppArmor profile repository, refer to
Repository"
to the server, check the procedure described under
erating Profiles"
To run aa-logprof, enter aa-logprof into a terminal window while logged in as
root. The following options can be used for aa-logprof:
306
Security Guide
(page 262). For details on how to configure access and access mode
(page 297).
Section 22.2, "Using the External
Section "aa-genprof—Gen-
Advertisement
Table of Contents
Related Manuals for Novell LINUX ENTERPRISE SERVER 11 - SECURITY
Related Products for Novell LINUX ENTERPRISE SERVER 11 - SECURITY
- NOVELL LINUX ENTERPRISE DESKTOP 10 - IPRINT CLIENT
- NOVELL LINUX ENTERPRISE DESKTOP 11 - OPENOFFICE
- NOVELL LINUX ENTERPRISE SERVER 10 - STORAGE ADMINISTRATION GUIDE FOR EVMS
- NOVELL LINUX ENTERPRISE SERVER 11 - STORAGE ADMINISTRATION GUIDE 2-23-2010
- NOVELL LINUX ENTERPRISE SERVER 11 - DEPLOYMENT
- NOVELL LINUX ENTERPRISE SERVER 11 - VIRTUALIZATION
- NOVELL LINUX ENTERPRISE SERVER STARTER SYSTEM
- NOVELL LINUX ENTERPRISE DESKTOP 10
- NOVELL LINUX ENTERPRISE SERVER 10 SP2 - VIRTUALIZATION WITH XEN
- Novell eBook Reader
- NOVELL LINUX ENTERPRISE DESKTOP 11 - ADMINISTRATION GUIDE 17-03-2009
- NOVELL LINUX ENTERPRISE DESKTOP 11 - GNOME
- NOVELL LINUX ENTERPRISE DESKTOP 11 - GNOME 17-03-2009
- NOVELL LINUX ENTERPRISE DESKTOP 11 - KDE
- NOVELL LINUX ENTERPRISE DESKTOP 11 - KDE 17-03-2009
- Novell 3.6 05-2008
Need help?
Do you have a question about the LINUX ENTERPRISE SERVER 11 - SECURITY and is the answer not in the manual?
Questions and answers