RBAC learning mode question
Posted: Tue Jun 19, 2012 4:54 pm
I'm new to grsec, having compiled it a couple months ago, figured out the PaX flags to get everything working, etc., and been using it ever since without RBAC.
Now I'm ready to take the next step but I'd like a little more guidance before I dive in.
The documentation says that, while in learning mode, you should authenticate to the admin role before doing administrative tasks [I've also read elsewhere that you should avoid admin tasks altogether while in learning mode]. In this context, what are considered administrative tasks? Only actions that modify the RBAC system or grsec files themselves? Or do 'administrative tasks' include anything that you would normally sudo (or su) to complete on a system without RBAC? For me, normal use includes using sudo fairly often (if only to dmesg, for example). Should I be doing that at all in learning mode? Or is it ok as long as I gradm -a admin first?
I went through the system-wide learning mode once already, but when I made my policy and activated RBAC it clearly wasn't right - I had to shut off the power and restart to kill RBAC and get back in control. What's the best way to 'undo' and start the learning process over? I'm assuming it is necessary to tweak the policy as generated by learning mode before activating RBAC [I didn't the first time...]
Thanks for any help in advance, and thanks to spender and all who have contributed to grsecurity/PaX in general. Better and more widespread security is hugely needed.
Regards,
spaghetti