Novell Documentation: Novell AppArmor Powered by Immunix - Managing Novell AppArmor and Security Event Status

3.6 Managing Novell AppArmor and Security Event Status

You can change the status of Novell AppArmor by enabling or disabling it. Enabling Novell AppArmor protects your system from potential program exploitation. Disabling Novell AppArmor, even if your profiles have been set up, removes protection from your system. You can determine how and when you are notified when system security events occur.

NOTE: For event notification to work, you must set up a mail server on your system that can send outgoing mail using the single mail transfer protocol (SMTP), such as postfix or exim.

To configure event notification or change the status of Novell AppArmor, perform the following steps:

Start YaST and select Novell AppArmor Novell AppArmor Control Panel .
From the AppArmor Configuration screen, determine whether Novell AppArmor and security event notification are running by looking for a status message that reads enabled or configure the mode of individual profiles.
- To change the status of Novell AppArmor, continue as described in Changing Novell AppArmor Status.
- To change the mode of individual profiles, continue as described in Section 3.6.2, Changing the Mode of Individual Profiles.
- To configure security event notification, continue as described in Section 6.2, Configuring Security Event Notification.

3.6.1 Changing Novell AppArmor Status

When you change the status of Novell AppArmor, set it to enabled or disabled. When Novell AppArmor is enabled, it is installed, running, and enforcing the Novell AppArmor security policies.

Start YaST and select Novell AppArmor AppArmor Control Panel .
In the Enable Novell AppArmor section of the window, click Configure. The Enable AppArmor dialog box opens.
Enable Novell AppArmor by selecting Enabled or disable Novell AppArmor by selecting Disabled. Then click OK.
Click Done in the AppArmor Configuration window.
Click File Quit in the YaST Control Center.

3.6.2 Changing the Mode of Individual Profiles

AppArmor can apply profiles in two different modes. In complain or learning mode, violations of AppArmor profile rules, such as the profiled program accessing files not permitted by the profile, are detected. The violations are permitted, but also logged. This mode is convenient for developing profiles and is used by the AppArmor tools for generating profiles. Loading a profile in enforce mode enforces the policy defined in the profile as well as reports policy violation attempts to syslogd.

YaST's Profile Mode dialog allows you to view and edit the mode of currently loaded AppArmor profiles. This feature is useful to determine the status of your system during profile development. During the course of systemic profiling (see Section 4.6.2, Systemic Profiling), you can utilize this tool to adjust and monitor the scope of the profiles that you are learning behavior for.

To edit an application's profile mode, proceed as follows:

Start YaST and select Novell AppArmor AppArmor Control Panel .
In the Configure Profile Mode section, select Configure.
Select the profile whose mode you want to change.
Select Toggle Mode to either set this profile to complain mode or to enforce mode.
Apply your settings and leave YaST with Done.

To change the mode of all profiles, use Set All to Enforce or Set All to Complain.

HINT: Listing the Profiles Available

By default, only active profiles are listed, i.e. any profile that has a matching application installed on your system. Should you want to set up a profile before installing the respective application, click Show All Profiles and select the profile you want to configure from the list that appears.