On 8/17/2011 12:12 AM, Roger Luedecke wrote:
On Tuesday, August 16, 2011 02:43:37 PM Christian Boltz wrote:
There is aa-notify (accidently named /usr/sbin/aa-apparmor_notify in 11.4). Unfortunately it is underdocumented :-( and since it needs to start as root (for read permissions on audit.log), it should probably be started by init/systemd.
There's a bit of configuration needed, I can write about the details if someone is interested. It works (well, see next paragraph) and gives you nice desktop notifications.
Unfortunately a security feature of aa-notify strikes back - it drops privileges after startup and then can't access /var/log/audit/ anymore. I'm just sorting that out with Jamie (one of the AppArmor developers). Unless there is a patch, the workaround is chmod 755 /var/log/audit/ (or better use chgrp trusted and chmod 750) Well now, then we just need to get this working then. That will be a massive boon. Quite frankly I can't imagine why this wouldn't have been a priority. The majority of Linux/openSUSE users I know are home desktop users. In fact, I only know one person who uses a non-enterprise supported Linux in a corporate space... which is openSUSE proudly enough.
I do. (well, our operation probably does not yet qualify as "enterprise" depending on who you talk to, but it's growing not shrinking or static and we're an application service provider as well as the developers of the main application being served. Other companies run their whole businesses on our software and servers so I am charged with maintaining a very high standard of availability, recoverability, and performance. It's a lot of users and they're all businesses and it's the life blood of their business in each case and some of them are big and doing a lot of business, so it's very important to each of them and I could use anything I want, money/licensing isn't an issue.) My main reason for specifying opensuse instead of sles was actually not money but compatibility/standardization and availability. That's a small sentence but impacts many areas both directly and indirectly and it adds up to be a big deal. Not even all selfish ones either. I don't want to waste my time figuring out and then documenting for others how to do something cool, or working on some package to make either the package or the OS integration better, that only works on SLE and is only available to the few people running SLE. My main reasons for specifying suse-anything instead of other equally non commercial yet mature distros like fedora/centos, debian, gentoo, or arch, don't seem to really exist any more, or at least are not as true as in the past. Don't read that as "suse was good but now it sux". It implies changes over time in 4 different areas. Changes (and lack of) in suse, changes in other distros, changes in the underlying constituent software common to all distros, changes in myself. Most of the reasons I specifically use opensuse would actually apply just about as well to several other non commercial distros. It's mostly inertia and maintaining standardization across my operation at this point. There's no especially strong reason to use opensuse now, but neither is there any especially strong reason not to. It's got it's pro's & cons, and it's fine. But for now I specifically use opensuse for everything across the board including the main internet-facing, customer-using, application workhorse servers. I maximize the pros and minimize the cons and all in all it's still a nice tidy predictable usable safe dependable efficient system. -- bkw -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org