Security event notification is a Novell AppArmor feature that informs a specified e-mail recipient when systemic Novell AppArmor activity occurs. This feature is currently available via YaST.
When you enter an e-mail address, you are notified via e-mail when Novell AppArmor security events occur. You can enable three types of notifications, which are:
Terse notification summarizes the total number of system events without providing details. For example:
dhcp-101.up.wirex.com has had 10 security events since Tue Oct 12 11:10:00 2004
The summary notification displays the logged Novell AppArmor security events and lists the number of individual occurrences, including the date of the last occurrence. For example:
AppArmor: PERMITTING access to capability ’setgid’ (httpd2-prefork(6347) profile /usr/sbin/httpd2-prefork active /usr/sbin/httpd2-prefork) 2 times, the latest at Sat Oct 9 16:05:54 2004.
The verbose notification displays unmodified, logged Novell AppArmor security events. It tells you every time an event occurs and writes a new line in the verbose log. These security events include the date and time the event occurred, when the application profile permits and rejects access, and the type of file permission access that is permitted or rejected. Verbose notification also reports several messages that the logprof tool (see Section 188.8.131.52, “logprof” (↑Novell AppArmor 2.0 Administration Guide)) uses to interpret profiles. For example:
Oct 9 15:40:31 AppArmor: PERMITTING r access to /etc/apache2/httpd.conf (httpd2-prefork(6068) profile /usr/sbin/httpd2-prefork active /usr/sbin/httpd2-prefork)
To configure event notification, refer to Section 4.2.2, “Configuring Security Event Notification” (↑Novell AppArmor 2.0 Administration Guide). After configuring security event notification, read the reports and determine whether events require follow-up. Follow-up may include the procedures outlined in Section 4.4.1, “Receiving a Security Event Rejection” (↑Novell AppArmor 2.0 Administration Guide).
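The relationship between the three notification types, as an added example that is not part of the original guide or of Novell AppArmor itself: it parses verbose lines in the layout shown above, collapses them into summary-style counts, and derives the terse total. The REJECTING keyword, the grouping key, and every sample line after the first are assumptions made for this sketch.

```python
import re
from collections import OrderedDict

# Layout of a verbose event line, taken from the sample on this page.
# REJECTING is assumed as the counterpart keyword; the page only shows PERMITTING.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8}) AppArmor: "
    r"(?P<verdict>PERMITTING|REJECTING) (?P<what>.+?) "
    r"\((?P<proc>[^()\s]+)\((?P<pid>\d+)\) profile (?P<profile>\S+) active \S+\)$"
)

# Constructed sample input: the first line is the page's example, the rest are made up.
SAMPLE = """\
Oct 9 15:40:31 AppArmor: PERMITTING r access to /etc/apache2/httpd.conf (httpd2-prefork(6068) profile /usr/sbin/httpd2-prefork active /usr/sbin/httpd2-prefork)
Oct 9 15:41:02 AppArmor: PERMITTING r access to /etc/apache2/httpd.conf (httpd2-prefork(6071) profile /usr/sbin/httpd2-prefork active /usr/sbin/httpd2-prefork)
Oct 9 15:42:10 AppArmor: REJECTING w access to /etc/passwd (httpd2-prefork(6071) profile /usr/sbin/httpd2-prefork active /usr/sbin/httpd2-prefork)
Oct 9 15:42:11 kernel: unrelated line
"""

def parse_event(line):
    """Return the fields of one verbose event line, or None for anything else."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Collapse events into (count, latest timestamp); the key ignores the PID (assumption)."""
    groups, skipped = OrderedDict(), 0
    for line in lines:  # assumed chronological, so the last timestamp seen is the latest
        ev = parse_event(line)
        if ev is None:
            skipped += 1  # not an AppArmor event line: count it, do not guess
            continue
        key = (ev["verdict"], ev["what"], ev["profile"])
        groups[key] = (groups.get(key, (0, None))[0] + 1, ev["ts"])
    return groups, skipped

def terse_total(groups):
    """Terse view: only the total number of events."""
    return sum(count for count, _ in groups.values())

def needs_follow_up(groups):
    """Rejections are the entries to review first when reading a report."""
    return [(key, val) for key, val in groups.items() if key[0] == "REJECTING"]

if __name__ == "__main__":
    groups, skipped = summarize(SAMPLE.splitlines())
    print(f"terse: {terse_total(groups)} events ({skipped} non-event lines skipped)")
    for (verdict, what, profile), (count, latest) in groups.items():
        print(f"summary: {verdict} {what} [{profile}] {count} times, the latest at {latest}")
```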
You can set up Novell AppArmor to send you event messages for things that are in the severity database and above the level that you select. These are numbered one through ten, ten being the most severe security incident. The severity.db file defines the severity level of potential security events. The severity levels are determined by the importance of different security events, such as certain resources accessed or services denied.
Security event notification is a Novell AppArmor feature that informs you when systemic Novell AppArmor activity occurs. When you select a notification frequency (receiving daily notification, for example), you activate the notification. You are required to enter an e-mail address, so you can be notified via e-mail when Novell AppArmor security events occur.
You must set up a mail server on your SUSE Linux that can send outgoing mail using the SMTP protocol (for example, postfix or exim) for event notification to work.
In thesection of the window, click .
In the window, you have the option to enable Terse, Summary, or Verbose event notification, which are defined in Section 4.2.1, “Severity Level Notification” (↑Novell AppArmor 2.0 Administration Guide). To be sent a notification e-mail outlining recent Novell AppArmor security events, determine your notification type preference.
In each applicable notification type section, enter the e-mail addresses of those who should receive notification in the field provided. If notification is enabled, you must enter an e-mail address. Otherwise you receive an error message. Separate multiple e-mail addresses with commas.
For each notification type that you would like enabled, select the frequency of notification.
Select a notification frequency from the following options:
For each selected notification type, select the lowest severity level for which a notification should be sent. Security events are logged and the notifications are sent at the time indicated by the interval when events are equal to or greater than the selected severity level. If the interval is , the notification is sent daily, if security events occur. Refer to Section 4.2.1, “Severity Level Notification” (↑Novell AppArmor 2.0 Administration Guide) for more information about severity levels.
Clickin the window.
Click+ in the YaST Control Center.