28 Support
  28.1 Updating Novell AppArmor Online
  28.2 Using the Man Pages
  28.3 For More Information
  28.4 Troubleshooting
  28.5 Reporting Bugs for AppArmor

29 AppArmor Glossary

Part V The Linux Audit Framework

30 Understanding Linux Audit
  30.1 Introducing the Components of Linux Audit
  30.2 Configuring the Audit Daemon
  30.3 Controlling the Audit System Using auditctl
  30.4 Passing Parameters to the Audit System
  30.5 Understanding the Audit Logs and Generating Reports
  30.6 Querying the Audit Daemon Logs with ausearch
  30.7 Analyzing Processes with autrace
  30.8 Visualizing Audit Data

31 Setting Up the Linux Audit Framework
  31.1 Determining the Components to Audit
  31.2 Configuring the Audit Daemon
  31.3 Enabling Audit for System Calls
  31.4 Setting Up Audit Rules
  31.5 Configuring Audit Reports
  31.6 Configuring Log Visualization

32 Introducing an Audit Rule Set
  32.1 Adding Basic Audit Configuration Parameters
  32.2 Adding Watches on Audit Log Files and Configuration Files
  32.3 Monitoring File System Objects
  32.4 Monitoring Security Configuration Files and Databases
  32.5 Monitoring Miscellaneous System Calls
  32.6 Filtering System Call Arguments
  32.7 Managing Audit Event Records Using Keys

33 Useful Resources