Novell AppArmor - Administration Guide (engl.)

Inhaltsübersicht

Novell® AppArmor is designed to provide easy-to-use application security for both servers and workstations. Novell AppArmor is an access control system that lets you specify per program which files the program may read, write, and execute. AppArmor secures applications by enforcing good application behavior without relying on attack signatures, so can prevent attacks even if they are exploiting previously unknown vulnerabilities.

Novell AppArmor consists of:

This guide covers the following topics:

1. Immunizing Programs

Describes the operation of Novell AppArmor and describes the types of programs that should have Novell AppArmor profiles created for them.

1.1. Introducing the AppArmor Framework
1.2. Determining Programs to Immunize
1.3. Immunizing Cron Jobs
1.4. Immunizing Network Applications
2. Profile Components and Syntax

Introduces the profile components and syntax.

2.1. Breaking a Novell AppArmor Profile into Its Parts
2.2. #include Statements
2.3. Capability Entries (POSIX.1e)
3. Building and Managing Profiles With YaST

Describes how to use the AppArmor YaST modules to build, maintain and update profiles.

3.1. Adding a Profile Using the Wizard
3.2. Manually Adding a Profile
3.3. Editing Profiles
3.4. Deleting a Profile
3.5. Updating Profiles from Log Entries
3.6. Managing Novell AppArmor and Security Event Status
4. Building Profiles via the Command Line

Describes how to use the AppArmor command line tools to build, maintain and update profiles.

4.1. Checking the AppArmor Module Status
4.2. Building Novell AppArmor Profiles
4.3. Adding or Creating a Novell AppArmor Profile
4.4. Editing a Novell AppArmor Profile
4.5. Deleting a Novell AppArmor Profile
4.6. Two Methods of Profiling
4.7. Pathnames and Globbing
4.8. File Permission Access Modes
4.9. Important Filenames and Directories
5. Profiling Your Web Applications Using ChangeHat

Enables you to create subprofiles for the Apache Web server that allow you to tightly confine small sections of Web application processing.

5.1. Apache ChangeHat
5.2. Configuring Apache for mod_apparmor
6. Managing Profiled Applications

Describes how to perform Novell AppArmor profile maintenance, which involves tracking common issues and concerns.

6.1. Monitoring Your Secured Applications
6.2. Configuring Security Event Notification
6.3. Configuring Reports
6.4. Reacting to Security Event Rejections
6.5. Maintaining Your Security Profiles
7. Support

Indicates support options for this product.

7.1. Updating Novell AppArmor Online
7.2. Using the Man Pages
7.3. For More Information
7.4. Troubleshooting
7.5. Reporting Bugs for AppArmor
Glossary

Provides a list of terms and their definitions.

Diese Veröffentlichung ist das geistige Eigentum von Novell, Inc.

 Ihr Inhalt darf ganz oder teilweise dupliziert werden, sofern jede Kopie einen sichtbaren Copyright-Hinweis trägt.
 Alle Informationen in diesem Buch wurden mit größter Sorgfalt zusammengestellt. Doch auch dadurch kann hundertprozentige Richtigkeit nicht gewährleistet werden. Weder SUSE LINUX GmbH noch die Autoren noch die Übersetzer können für mögliche Fehler und deren Folgen haftbar gemacht werden.
 Novell, das Novell-Logo, das N-Logo und SUSE sind eingetragene Marken von Novell, Inc., in den Vereinigten Staaten und anderen Ländern. * Linux ist eine eingetragene Marke von Linus Torvalds. Alle anderen Drittanbieter-Marken sind das Eigentum der jeweiligen Inhaber.
Vorschläge und Kommentare richten Sie bitte an documentation@suse.de.