AppArmor Admin Guide - Updating Profiles from Log Entries

AppArmor Admin Guide
Previous Page	Table of Contents	Next Page

3.5 Updating Profiles from Log Entries

The Novell AppArmor profile wizard uses aa-logprof, the tool that scans log files and enables you to update profiles. aa-logprof tracks messages from the Novell AppArmor module that represent exceptions for all profiles running on your system. These exceptions represent the behavior of the profiled application that is outside of the profile definition for the program. You can add the new behavior to the relevant profile by selecting the suggested profile entry.

HINT: Support for the External Profile Repository

Similar to the Add Profile Wizard, the Update Profile Wizard also supports profile exchange with the external repository server. For background information on the use of the external AppArmor profile repository, refer to Section 2.5, Using the External AppArmor Profile Repository. For details on how to configure access and access mode to the server, check the procedure described under Section 3.1, Adding a Profile Using the Wizard.

Start YaST and select Novell AppArmor > Update Profile Wizard.

Running Update Profile Wizard (aa-logprof) parses the learning mode log files. This generates a series of questions that you must answer to guide aa-logprof to generate the security profile. The exact procedure is the same as with creating a new profile. Refer to Step 9 in Section 3.1, Adding a Profile Using the Wizard for details.
When you are done, click Finish. In the following pop-up, click Yes to exit the Add Profile Wizard. The profile is saved and loaded into the Novell AppArmor module.

AppArmor Admin Guide
Previous Page	Table of Contents	Next Page