The Linux audit framework contains a dispatcher that can send AppArmor
events to any consumer application via dbus. The GNOME AppArmor Desktop
Monitor applet is one example of an application that gathers AppArmor events
via dbus. To configure audit to use the dbus dispatcher, just set the
dispatcher in your audit configuration in /etc/audit/auditd.conf to
apparmor-dbus and restart auditd:

dispatcher=/usr/bin/apparmor-dbus

Once the dbus dispatcher is configured correctly, add the AppArmor Desktop
Monitor to the GNOME panel by right-clicking the panel and selecting
REJECT event is logged, the applet's panel icon changes appearance and you can
click the applet to see the number of reject events per confined
application. To view the exact log messages, refer to the audit log under
/var/log/audit/audit.log. React to any REJECT events as described in
Section 7.5, “Reacting to Security Event Rejections”.
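
To confirm the dispatcher setting and get the same per-application reject tally from the audit log itself, the following added example (not part of the original guide) can be used. The function names are hypothetical, the sample files are constructed, and the record layout (type=APPARMOR_DENIED or apparmor="DENIED" with a profile="..." field) is an assumption that varies between AppArmor versions.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Print the dispatcher value set in an auditd.conf-style file ($1).
audit_dispatcher() {
    awk -F '=' '
        /^[ \t]*#/ { next }                        # ignore comment lines
        { k = $1; gsub(/[ \t]/, "", k) }           # key without padding
        k == "dispatcher" { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); d = v }
        END { print d }' "$1"
}

# Count reject events per profile in an audit log ($1), most frequent first.
# Assumed layout: type=APPARMOR_DENIED or apparmor="DENIED", plus profile="...".
reject_counts() {
    awk '
        /type=APPARMOR_DENIED/ || /apparmor="DENIED"/ {
            if (match($0, /profile="[^"]*"/))
                n[substr($0, RSTART + 9, RLENGTH - 10)]++
        }
        END { for (p in n) printf "%d %s\n", n[p], p }' "$1" | sort -k1,1nr -k2
}

# Constructed sample files (not taken from a real system), written to dir $1.
make_samples() {
    cat > "$1/auditd.conf" <<'EOF'
# constructed sample configuration
log_file = /var/log/audit/audit.log
dispatcher=/usr/bin/apparmor-dbus
EOF
    cat > "$1/audit.log" <<'EOF'
type=APPARMOR_DENIED msg=audit(1.1:1): operation="file_mmap" denied_mask="::r" name="/srv/www/htdocs/index.html" pid=100 profile="/usr/sbin/httpd2-prefork"
type=AVC msg=audit(1.2:2): apparmor="DENIED" operation="open" profile="/usr/sbin/httpd2-prefork" name="/etc/shadow" pid=100 denied_mask="r"
type=AVC msg=audit(1.3:3): apparmor="ALLOWED" operation="open" profile="/usr/bin/example" name="/tmp/x" pid=101 denied_mask="r"
type=AVC msg=audit(1.4:4): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/ntp.keys" pid=102 denied_mask="r"
type=SYSCALL msg=audit(1.4:4): arch=c000003e syscall=2 success=no pid=102
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp"
echo "dispatcher: $(audit_dispatcher "$tmp/auditd.conf")"
reject_counts "$tmp/audit.log"
rm -rf "$tmp"
```

On a live system, pass /etc/audit/auditd.conf and /var/log/audit/audit.log to the two functions instead of the sample files; reading the audit log normally requires root.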