Apart from transparently enabling and disabling aa-eventd with the YaST modules,
you can manually toggle its status with the
rcaaeventd
init script. The AppArmor
event daemon is not required for proper functioning of the profiling process (such as
enforcement or learning). It is just required for reporting.
Find more details on security event notification in
Section 6.2, “Configuring Security
Event Notification”
(page 88) and on scheduled reports in
Section 6.3, “Configuring
Reports”
(page 91).
If you prefer a simple way of being notified of any AppArmor reject events that does
not require you to check your e-mails or any log files, use the AppArmor Desktop
Monitor applet that integrates into the GNOME desktop. Refer to
Section 6.4, “Config-
uring and Using the AppArmor Desktop Monitor Applet”
(page 111) for details.
6.2 Configuring Security Event
Notification
Security event notification is a Novell AppArmor feature that informs you when systemic
Novell AppArmor activity occurs. Activate it by selecting a notification frequency
(receiving daily notification, for example). Enter an e-mail address, so you can be noti-
fied by e-mail when Novell AppArmor security events occur. Select one of the following
notification types:
Terse
Terse notification summarizes the total number of system events without providing
details. For example:
jupiter.example.com has had 41 security events since Mon Sep 10 14:53:16
2007.
Summary Notification
Summary notification displays the logged Novell AppArmor security events and
lists the number of individual occurrences, including the date of the last occurrence.
For example:
AppArmor: PERMITTING access to capability ’setgid’ (httpd2-prefork(6347)
profile /usr/sbin/httpd2-prefork active /usr/sbin/httpd2-prefork) 2 times,
the latest at Sat Oct 9 16:05:54 2004.
88
Novell AppArmor Administration Guide