[Bug 497090] New: enhancements: AppArmor Security Event Report -> Security Incident Report
http://bugzilla.novell.com/show_bug.cgi?id=497090 Summary: enhancements: AppArmor Security Event Report -> Security Incident Report Classification: openSUSE Product: openSUSE 11.1 Version: Final Platform: i686 OS/Version: openSUSE 11.1 Status: NEW Severity: Enhancement Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: grey-olli@ya.ru QAContact: jsrain@novell.com Found By: --- User-Agent: Opera/9.64 (X11; Linux i686; U; en) Presto/2.1.1 Yast2 interface to apparmor logs enhancements would be nice.. 1: starting dates in filter should be taken from now (this year and month, at least) - it will be prettier. 2: The tables generated are not well organized - misunderstanding may arrive: 2.1: profile name/program name - above these fields would be nice to see a 1 example of imput. For example I've events related to skype, but after I entered usr.bin.skype in profile name got no result - probably full path or tail of basename required? :? Or profile name in apparmor.d is not the profile name the viewer waits for? ?-) 2.2 In resulting report I see two near columns: "mode deny" and "mode request", then event type. Well, the contents are some times confusing, for example: 'mode deny' and 'mode request' are the same and the action is permitting. The report should tell that this was in complain mode (if that is catchable from logs). 2.3 The length of column is some times not enough wide to view full path to requested object. For example I can't recognise full path to pcm device skype fails to mmap. 2.4 Permitting when action is permitted partially is confusing, should look like "PARTIALLY PERMITTING", or "FILTERING" . 2.5 When alot of logs avaliable the interface is very slow. Should appear somthing like a key to stop current action and return to last view. 2.6 When choosing page to view accept is 'Save', should be 'OK', or 'Accept'. 2.7 The column program contains the object being accessed. Why not to name it so? The program '/var/run/utmp' or 'NIL' or some non-existing path looks not in meaning context. Reproducible: Always Expected Results: Some enhancements to make interface more intuitive. ) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=497090
Josef Reidinger
http://bugzilla.novell.com/show_bug.cgi?id=497090
Steffen Winterfeldt
http://bugzilla.novell.com/show_bug.cgi?id=497090
User kmachalkova@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=497090#c1
Katarina Machalkova
participants (1)
-
bugzilla_noreply@novell.com