3.6 Managing Novell AppArmor and Security Event Status

You can change the status of AppArmor by enabling or disabling it. Enabling AppArmor protects your system from potential program exploitation. Disabling AppArmor, even if your profiles have been set up, removes protection from your system. You can determine how and when you are notified when system security events occur.

NOTE: For event notification to work, you must set up a mail server on your system that can send outgoing mail using the single mail transfer protocol (SMTP), such as postfix or exim.

To configure event notification or change the status of AppArmor, start YaST and select Novell AppArmor > Novell AppArmor Control Panel.

The AppArmor control 	panel

From the AppArmor Configuration screen, determine whether Novell AppArmor and security event notification are running by looking for a status message that reads enabled or configure the mode of individual profiles.

To change the status of Novell AppArmor, continue as described in Changing Novell AppArmor Status. To change the mode of individual profiles, continue as described in Section 3.6.2, Changing the Mode of Individual Profiles. To configure security event notification, continue as described in Section 6.2, Configuring Security Event Notification.

3.6.1 Changing Novell AppArmor Status

When you change the status of AppArmor, set it to enabled or disabled. When AppArmor is enabled, it is installed, running, and enforcing the AppArmor security policies.

  1. Start YaST and select Novell AppArmor > AppArmor Control Panel.

  2. Enable AppArmor by checking Enable AppArmor or disable AppArmor by deselecting it.

  3. Click Done in the AppArmor Configuration window.

  4. Click File > Quit in the YaST Control Center.

3.6.2 Changing the Mode of Individual Profiles

AppArmor can apply profiles in two different modes. In complain or learning mode, violations of AppArmor profile rules, such as the profiled program accessing files not permitted by the profile, are detected. The violations are permitted, but also logged. This mode is convenient for developing profiles and is used by the AppArmor tools for generating profiles. Loading a profile in enforce mode enforces the policy defined in the profile and reports policy violation attempts to syslogd.

The Profile Modes dialog allows you to view and edit the mode of currently loaded AppArmor profiles. This feature is useful for determining the status of your system during profile development. During the course of systemic profiling (see Section 4.6.2, Systemic Profiling), you can use this tool to adjust and monitor the scope of the profiles for which you are learning behavior.

To edit an application's profile mode, proceed as follows:

  1. Start YaST and select Novell AppArmor > AppArmor Control Panel.

  2. In the Configure Profile Modes section, select Configure.

  3. Select the profile for which to change the mode.

  4. Select Toggle Mode to set this profile to complain mode or to enforce mode.

  5. Apply your settings and leave YaST with Done.

To change the mode of all profiles, use Set All to Enforce or Set All to Complain.

HINT: Listing the Profiles Available

By default, only active profiles are listed—any profile that has a matching application installed on your system. To set up a profile before installing the respective application, click Show All Profiles and select the profile to configure from the list that appears.