4.4. Reacting to Security Events

There are a few common maintenance issues that you should regularly inspect and deal with according to the rules that you have established. The following are some common maintenance issues that you might encounter:

4.4.1. Receiving a Security Event Rejection

When you receive a rejection, examine the access violation and determine if that event indicated a threat or was part of normal application behavior. Application-specific knowledge is required to make the determination. If the rejection represents normal application behavior, running logprof at the command line or the Update Profile Wizard in Novell AppArmor allows you to iterate through all reject messages. By selecting the one that matches the specific reject, you can automatically update your profile.

If the rejection is not part of normal application behavior, this access should be considered a possible intrusion attempt (that was prevented) and this notification should be passed to the person responsible for security within your organization.

4.4.2. Changing Application Security

Users can always manually edit the profile, using vim at the command line or Edit Profile in YaST.