3.2. Building and Managing Novell AppArmor Profiles

There are three ways to build and manage Novell AppArmor profiles, depending on the type of computer environment you prefer. You can use the graphical YaST interface (YaST GUI), the text-based YaST ncurses mode (YaST ncurses), or the command line interface. All three are effective for creating and maintaining profiles, so choose the one that best fits your needs.

The command line interface requires knowledge of Linux commands and using terminal windows. All three methods use specialized Novell AppArmor tools to create the profiles, so you do not need to write them manually, which would be quite time consuming.

3.2.1. Using the YaST GUI

To use the YaST GUI for building and managing Novell AppArmor profiles, refer to Section 3.3, “Building Novell AppArmor Profiles with the YaST GUI” (↑Novell AppArmor 2.0 Administration Guide).

3.2.2. Using YaST ncurses

YaST ncurses can be used for building and managing Novell AppArmor profiles and is better suited for users with limited bandwidth connections to their server. Access YaST ncurses by typing yast while logged in to a terminal window or console as root. YaST ncurses has the same features as the YaST GUI.

Refer to the instructions in Section 3.3, “Building Novell AppArmor Profiles with the YaST GUI” (↑Novell AppArmor 2.0 Administration Guide) to build and manage Novell AppArmor profiles in YaST ncurses. Be aware that the screens look different but function similarly.

3.2.3. Using the Command Line Interface

The command line interface requires knowledge of Linux commands and using terminal windows. To use the command line interface for building and managing Novell AppArmor profiles, refer to Section 3.4, “Building Novell AppArmor Profiles Using the Command Line Interface” (↑Novell AppArmor 2.0 Administration Guide).

The command line interface offers access to a few tools that are not available through the other Novell AppArmor management methods:

complain

Sets profiles into complain mode. Set them back to enforce mode when you want the system to begin enforcing the rules of the profiles, not just logging information. For more information about this tool, refer to Section 3.5.3.2, “Complain or Learning Mode” (↑Novell AppArmor 2.0 Administration Guide).

enforce

Sets profiles back to enforce mode, so that the system begins enforcing the rules of the profiles, not just logging information. For more information about this tool, refer to Section 3.5.3.3, “Enforce Mode” (↑Novell AppArmor 2.0 Administration Guide).

unconfined

Performs a server audit to find processes that are running and listening for network connections, then reports whether they are profiled.

autodep

Generates a profile skeleton for a program and loads it into the Novell AppArmor module in complain mode.
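
To make concrete what the unconfined audit checks, the following added Python example (not part of the Novell guide and not the tool's own source) pairs listening TCP sockets with each process's confinement label. All sample data is constructed; the /proc/net/tcp layout and the "profile (mode)" label format of /proc/<pid>/attr/current are assumptions based on current Linux kernels.

```python
import re

# Constructed sample in /proc/net/tcp layout; state 0A is LISTEN, 01 is ESTABLISHED.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 33333 1
"""

# Constructed process table. On a live system (assumption) "inodes" would come
# from the socket:[N] links in /proc/<pid>/fd and "attr" from /proc/<pid>/attr/current.
SAMPLE_PROCESSES = {
    812: {"exe": "/usr/sbin/sshd", "inodes": {11111}, "attr": "/usr/sbin/sshd (enforce)\n"},
    990: {"exe": "/usr/sbin/cupsd", "inodes": {22222}, "attr": "unconfined\n"},
    1200: {"exe": "/usr/bin/ssh", "inodes": {33333}, "attr": "unconfined\n"},
}

def listening_sockets(proc_net_tcp):
    """Return {socket inode: local port} for every socket in LISTEN state."""
    listeners = {}
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != "0A":   # keep LISTEN entries only
            continue
        port = int(fields[1].rsplit(":", 1)[1], 16)  # port is hex after the colon
        listeners[int(fields[9])] = port
    return listeners

def parse_confinement(attr_current):
    """Return (profile, mode), or (None, None) when no profile applies."""
    match = re.fullmatch(r"(.+) \((enforce|complain)\)", attr_current.strip())
    return (match.group(1), match.group(2)) if match else (None, None)

def audit(proc_net_tcp, processes):
    """List (pid, exe, port, profile, mode) for each process owning a listener."""
    listeners = listening_sockets(proc_net_tcp)
    report = []
    for pid, info in sorted(processes.items()):
        profile, mode = parse_confinement(info["attr"])
        for inode in sorted(i for i in info["inodes"] if i in listeners):
            report.append((pid, info["exe"], listeners[inode], profile, mode))
    return report

if __name__ == "__main__":
    for pid, exe, port, profile, mode in audit(SAMPLE_PROC_NET_TCP, SAMPLE_PROCESSES):
        state = f"confined by '{profile}' ({mode})" if profile else "not confined"
        print(f"{pid} {exe} port {port}: {state}")
```

A listener reported as not confined is a candidate for a new profile; one in complain mode is logged but not yet restricted.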