Configuring and Using the AppArmor Desktop Monitor Applet

The Linux audit framework contains a dispatcher that can send AppArmor events to any consumer application via dbus. The GNOME AppArmor Desktop Monitor applet is one example of an application that gathers AppArmor events via dbus. To configure audit to use the dbus dispatcher, just set the dispatcher in your audit configuration in /etc/audit/auditd.conf to apparmor-dbus and restart auditd:

dispatcher=/usr/bin/apparmor-dbus

Once the dbus dispatcher is configured correctly, add the AppArmor Desktop Monitor to the GNOME panel by right-clicking the panel and selecting Add to Panel+AppArmor Desktop Monitor. As soon as a REJECT event is logged, the applet's panel icon changes appearance and you can click the applet to see the number of reject events per confined application. To view the exact log messages, refer to the audit log under /var/log/audit/audit.log. React to any REJECT events as described in Section 7.5, “Reacting to Security Event Rejections”.