You can change the status of AppArmor by enabling or disabling it. Enabling AppArmor protects your system from potential program exploitation. Disabling AppArmor, even if your profiles have been set up, removes protection from your system. You can determine how and when you are notified when system security events occur.
For event notification to work, you must set up a mail server on your system that can send outgoing mail using the single mail transfer protocol (SMTP), such as postfix or exim. |
To configure event notification or change the status of AppArmor, start YaST and select
+ .From the
screen, determine whether Novell AppArmor and security event notification are running by looking for a status message that reads or configure the mode of individual profiles.To change the status of Novell AppArmor, continue as described in Section 4.6.1, “Changing Novell AppArmor Status”. To change the mode of individual profiles, continue as described in Section 4.6.2, “Changing the Mode of Individual Profiles”. To configure security event notification, continue as described in Section 7.2, “Configuring Security Event Notification”.
When you change the status of AppArmor, set it to enabled or disabled. When AppArmor is enabled, it is installed, running, and enforcing the AppArmor security policies.
Start YaST and select
+ .Enable AppArmor by checking
or disable AppArmor by deselecting it.Click
in the window.Click
+ in the YaST Control Center.AppArmor can apply profiles in two different modes. In complain or learning mode, violations of AppArmor profile rules, such as the profiled program accessing files not permitted by the profile, are detected. The violations are permitted, but also logged. This mode is convenient for developing profiles and is used by the AppArmor tools for generating profiles. Loading a profile in enforce mode enforces the policy defined in the profile and reports policy violation attempts to syslogd.
The Section 5.6.2, “Systemic Profiling”), you can use this tool to adjust and monitor the scope of the profiles for which you are learning behavior.
dialog allows you to view and edit the mode of currently loaded AppArmor profiles. This feature is useful for determining the status of your system during profile development. During the course of systemic profiling (seeTo edit an application's profile mode, proceed as follows:
Start YaST and select
+ .In the
section, select .Select the profile for which to change the mode.
Select complain mode or to enforce mode.
to set this profile toApply your settings and leave YaST with
.To change the mode of all profiles, use
or .Listing the Profiles Available | |
---|---|
By default, only active profiles are listed—any profile that has a matching application installed on your system. To set up a profile before installing the respective application, click and select the profile to configure from the list that appears. |