There are three ways you can build and manage Novell AppArmor profiles, depending on the type of computer environment you prefer: the graphical YaST interface (YaST GUI), the text-based YaST ncurses mode (YaST ncurses), or the command line interface. All three options are effective for creating and maintaining profiles while offering need-based options for users.
The command line interface requires knowledge of Linux commands and uses terminal windows. All three methods use specialized Novell AppArmor tools for creating the profiles so you do not need to do it manually, which would be quite time consuming.
To use the YaST GUI for building and managing Novell AppArmor profiles, refer to Section 3.3, “Building Novell AppArmor Profiles with the YaST GUI”.
YaST ncurses can be used for building and managing Novell AppArmor profiles and is
better suited for users with limited bandwidth connections to the server.
Access YaST ncurses by typing yast while logged in to
a terminal window or console as root
. YaST ncurses has the same
features as the YaST GUI.
Refer to the instructions in Section 3.3, “Building Novell AppArmor Profiles with the YaST GUI” to build and manage Novell AppArmor profiles in YaST ncurses, but be aware that the screens look different, but function similarly.
The command line interface requires knowledge of Linux commands and uses terminal windows. To use the command line interface for building and managing Novell AppArmor profiles, refer to Section 3.4, “Building Novell AppArmor Profiles Using the Command Line Interface”.
The command line interface offers access to a few tools that are not available using the other Novell AppArmor managing methods:
Sets profiles into complain mode. Set it back to enforce mode when you want the system to begin enforcing the rules of the profiles, not just to log information. For more information about this tool, refer to Section 3.5.3.2, “aa-complain—Entering Complain or Learning Mode”.
Sets profiles back to enforce mode and the system begins enforcing the rules of the profiles instead of just logging information. For more information about this tool, refer to Section 3.5.3.3, “aa-enforce—Entering Enforce Mode”.
Performs a server audit to find processes that are running and listening for network connections then reports whether they are profiled.
Generates a profile skeleton for a program and loads it into the Novell AppArmor module in complain mode.