| openSUSE-Dokumentation Chapter 7. Managing Profiled Applications / 7.4. Configuring and Using the AppArmor Desktop Monitor Applet | ||||
|---|---|---|---|---|
 | 7.3. Configuring Reports | 7.5. Reacting to Security Event Rejections |  | |
| openSUSE-Dokumentation Chapter 7. Managing Profiled Applications / 7.4. Configuring and Using the AppArmor Desktop Monitor Applet | ||||
|---|---|---|---|---|
| 7.3. Configuring Reports | 7.5. Reacting to Security Event Rejections | | |
The Linux audit framework contains a dispatcher that can send AppArmor
events to any consumer application via dbus. The GNOME AppArmor Desktop
Monitor applet is one example of an application that gathers AppArmor events
via dbus. To configure audit to use the dbus dispatcher, just set the
dispatcher in your audit configuration in
/etc/audit/auditd.conf to
apparmor-dbus and restart auditd:
dispatcher=/usr/bin/apparmor-dbus
Once the dbus dispatcher is configured correctly, add the AppArmor Desktop
Monitor to the GNOME panel by right-clicking the panel and selecting
+. As soon as a REJECT
event is logged, the applet's panel icon changes appearance and you can
click the applet to see the number of reject events per confined
application. To view the exact log messages, refer to the audit log under
/var/log/audit/audit.log. React to any
REJECT events as described in
Section 7.5, “Reacting to Security Event Rejections”.
