| openSUSE-Dokumentation Chapter 7. Managing Profiled Applications / 7.5. Reacting to Security Event Rejections | ||||
|---|---|---|---|---|
 | 7.4. Configuring and Using the AppArmor Desktop Monitor Applet | 7.6. Maintaining Your Security Profiles |  | |
| openSUSE-Dokumentation Chapter 7. Managing Profiled Applications / 7.5. Reacting to Security Event Rejections | ||||
|---|---|---|---|---|
| 7.4. Configuring and Using the AppArmor Desktop Monitor Applet | 7.6. Maintaining Your Security Profiles | | |
When you receive a security event rejection, examine the access violation and determine if that event indicated a threat or was part of normal application behavior. Application-specific knowledge is required to make the determination. If the rejected action is part of normal application behavior, run aa-logprof at the command line or the in Novell AppArmor to update your profile.
If the rejected action is not part of normal application behavior, this access should be considered a possible intrusion attempt (that was prevented) and this notification should be passed to the person responsible for security within your organization.
