2010-02-12 10:14:11 -06:00
# This publication is intellectual property of Canonical Ltd. Its contents
# can be duplicated, either in part or in whole, provided that a copyright
# label is visibly located on each copy.
#
# All information found in this book has been compiled with utmost
# attention to detail. However, this does not guarantee complete accuracy.
# Neither Canonical Ltd, the authors, nor the translators shall be held
# liable for possible errors or the consequences thereof.
#
# Many of the software and hardware descriptions cited in this book
# are registered trademarks. All trade names are subject to copyright
# restrictions and may be registered trade marks. Canonical Ltd
# essentially adheres to the manufacturer's spelling.
#
# Names of products and trademarks appearing in this book (with or without
# specific notation) are likewise subject to trademark and trade protection
# laws and may thus fall under copyright restrictions.
#
=pod
=head1 NAME
2010-11-03 17:03:52 -07:00
aa-notify - display information about logged AppArmor messages.
2010-02-12 10:14:11 -06:00
=head1 SYNOPSIS
2010-11-03 17:03:52 -07:00
B<aa-notify> [option]
2010-02-12 10:14:11 -06:00
=head1 DESCRIPTION
2010-11-03 17:03:52 -07:00
B<aa-notify> will display a summary or provide desktop notifications
2010-02-12 10:14:11 -06:00
for AppArmor DENIED messages.
=head1 OPTIONS
2010-11-03 17:03:52 -07:00
B<aa-notify> accepts the following arguments:
2010-02-12 10:14:11 -06:00
=over 4
2010-05-12 10:46:22 +02:00
=item -p, --poll
2010-02-12 10:14:11 -06:00
poll AppArmor logs and display desktop notifications. Can be used with '-s'
option to display a summary on startup.
2014-09-08 20:40:33 +02:00
=item --display $DISPLAY
set the DISPLAY environment variable to $DISPLAY
(might be needed if sudo resets $DISPLAY)
2010-05-12 10:46:22 +02:00
=item -f FILE, --file=FILE
2010-03-27 09:16:38 -05:00
search FILE for AppArmor messages
2010-05-12 10:46:22 +02:00
=item -l, --since-last
2010-02-12 10:14:11 -06:00
show summary since last login.
2010-05-12 10:46:22 +02:00
=item -s NUM, --since-days=NUM
2010-02-12 10:14:11 -06:00
show summary for last NUM of days.
2010-05-12 10:46:22 +02:00
=item -u USER, --user=USER
2010-03-30 10:48:51 -05:00
2011-08-17 07:49:00 -05:00
user to drop privileges to when running privileged. When used with the -p
option, this should be set to the user that will receive desktop notifications.
This has no effect when running under sudo.
2010-03-30 10:48:51 -05:00
2010-05-12 10:46:22 +02:00
=item -w NUM, --wait=NUM
2010-03-30 10:48:51 -05:00
wait NUM seconds before displaying notifications (for use with -p)
2010-05-12 10:46:22 +02:00
=item -v, --verbose
2010-02-12 10:14:11 -06:00
show messages with summaries.
2010-05-12 10:46:22 +02:00
=item -h, --help
2010-02-12 10:14:11 -06:00
displays a short usage statement.
2010-02-12 10:25:02 -06:00
=back
2010-02-12 10:14:11 -06:00
=head1 CONFIGURATION
2010-11-03 17:03:52 -07:00
System-wide configuration for B<aa-notify> is done via
2010-02-12 10:14:11 -06:00
/etc/apparmor/notify.conf:
2024-09-17 09:17:23 +00:00
# Set to 'no' to disable AppArmor notifications globally
2010-02-12 10:14:11 -06:00
show_notifications="yes"
2024-09-17 09:17:23 +00:00
# Special profiles used to remove privileges for unconfined binaries using user namespaces. If unsure, leave as is.
userns_special_profiles="unconfined,unprivileged_userns"
# Theme for aa-notify GUI. See https://ttkthemes.readthedocs.io/en/latest/themes.html for available themes.
interface_theme="ubuntu"
# Binaries for which we ignore userns-related capability denials
ignore_denied_capability="sudo,su"
# OPTIONAL - kind of operations which display a popup prompt.
prompt_filter="userns"
# OPTIONAL - restrict using aa-notify to users in the given group
# (if not set, everybody who has permissions to read the logfile can use it)
# use_group="admin"
2010-02-12 10:14:11 -06:00
2018-02-26 14:43:19 +11:00
# OPTIONAL - custom notification message body
message_body="This is a custom notification message."
# OPTIONAL - custom notification message footer
message_footer="For more information visit https://foo.com"
2024-09-17 09:17:23 +00:00
# OPTIONAL - custom notification filtering
# Filters are used to reduce the output of information to only those entries that will match the filter. Filters use Python's regular expression syntax.
filter.profile="^(foo|bar)$" # Match the profile: Only shows notifications for profiles "foo" or "bar"
filter.operation="^open$" # Match the operation: Only shows notifications for "open" operation
filter.name="^(?!/usr/lib/)" # Match the name: Excludes notifications for names starting by "/usr/lib/"
filter.denied="^r$" # Match the denied_mask: Only shows notifications where "r", and only "r", was denied
filter.family="^inet$" # Match the network family: Only shows notifications for "inet" family
filter.socket="stream" # Match the network socket type: Only shows notifications for "stream" sockets
2018-10-06 14:09:11 +03:00
Per-user configuration is done via $XDG_CONFIG_HOME/apparmor/notify.conf (or
the deprecated ~/.apparmor/notify.conf if it exists):
2010-02-12 10:14:11 -06:00
# set to 'yes' to enable AppArmor DENIED notifications
show_notifications="yes"
=head1 BUGS
2010-11-03 17:03:52 -07:00
B<aa-notify> needs to be able to read the logfiles containing the
2010-02-12 10:14:11 -06:00
AppArmor DENIED messages.
2020-05-02 20:40:55 -07:00
If you find any additional bugs, please report them to Gitlab at
L<https://gitlab.com/apparmor/apparmor/-/issues>.
2010-02-12 10:14:11 -06:00
=head1 SEE ALSO
apparmor(7)
=cut
