- Code: Select all
[ 74.263359] grsec: (root:U:/sbin/gradm) grsecurity 2.2.2 RBAC system loaded by /sbin/gradm[gradm:1501] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1495] uid/euid:0/0 gid/egid:0/0
[ 82.103358] grsec: (root:U:/sbin/gradm) successful change to special role shutdown (id 1) by /sbin/gradm[gradm:1502] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1495] uid/euid:0/0 gid/egid:0/0
[ 86.002689] grsec: (root:U:/sbin/init) denied connect() to the unix domain socket /dev/log by /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper/0:0] uid/euid:0/0 gid/egid:0/0
[ 86.003172] grsec: (root:U:/sbin/init) use of CAP_SYS_TTY_CONFIG denied for /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper/0:0] uid/euid:0/0 gid/egid:0/0
[ 86.003182] grsec: (root:U:/sbin/init) use of CAP_SYS_TTY_CONFIG denied for /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper/0:0] uid/euid:0/0 gid/egid:0/0
[ 86.003191] grsec: (root:U:/sbin/init) use of CAP_SYS_TTY_CONFIG denied for /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper/0:0] uid/euid:0/0 gid/egid:0/0
[ 86.003202] grsec: (root:U:/sbin/init) use of CAP_SYS_TTY_CONFIG denied for /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper/0:0] uid/euid:0/0 gid/egid:0/0
[ 86.003212] grsec: (root:U:/sbin/init) use of CAP_SYS_TTY_CONFIG denied for /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper/0:0] uid/euid:0/0 gid/egid:0/0
[ 86.005364] grsec: (shutdown:S:/) denied open of /root/.bash_history for appending by /bin/bash[bash:1495] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
[ 86.005624] grsec: (shutdown:S:/) denied open of /root/.bash_history for reading by /bin/bash[bash:1495] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
[ 87.008750] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/stty[stty:1516] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rc[rc:1515] uid/euid:0/0 gid/egid:0/0
[ 87.009007] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/stty[stty:1516] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rc[rc:1515] uid/euid:0/0 gid/egid:0/0
[ 87.009247] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/stty[stty:1516] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rc[rc:1515] uid/euid:0/0 gid/egid:0/0
[ 87.009488] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/stty[stty:1516] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rc[rc:1515] uid/euid:0/0 gid/egid:0/0
[ 87.009727] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/stty[stty:1516] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rc[rc:1515] uid/euid:0/0 gid/egid:0/0
[ 87.031561] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /sbin/startpar[startpar:1518] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rc[rc:1515] uid/euid:0/0 gid/egid:0/0
[ 87.033949] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /etc/init.d/ebtables[ebtables:1519] uid/euid:0/0 gid/egid:0/0, parent /sbin/startpar[startpar:1518] uid/euid:0/0 gid/egid:0/0
[ 87.042927] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/grep[grep:1521] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/ebtables[ebtables:1519] uid/euid:0/0 gid/egid:0/0
[ 87.043481] grsec: (root:U:/) use of CAP_NET_RAW denied for /sbin/ebtables[ebtables:1520] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/ebtables[ebtables:1519] uid/euid:0/0 gid/egid:0/0
[ 87.045063] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/echo[echo:1522] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/ebtables[ebtables:1519] uid/euid:0/0 gid/egid:0/0
[ 87.074397] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /etc/init.d/ebtables[ebtables:1519] uid/euid:0/0 gid/egid:0/0, parent /sbin/startpar[startpar:1518] uid/euid:0/0 gid/egid:0/0
[ 87.108149] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1525] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/ebtables[ebtables:1519] uid/euid:0/0 gid/egid:0/0
[ 87.138759] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1525] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/ebtables[ebtables:1519] uid/euid:0/0 gid/egid:0/0
[ 87.171171] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1526] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/ebtables[ebtables:1519] uid/euid:0/0 gid/egid:0/0
[ 87.202604] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1526] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/ebtables[ebtables:1519] uid/euid:0/0 gid/egid:0/0
[ 87.235994] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1527] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/ebtables[ebtables:1519] uid/euid:0/0 gid/egid:0/0
[ 87.268573] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1527] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/ebtables[ebtables:1519] uid/euid:0/0 gid/egid:0/0
[ 87.302537] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/echo[echo:1528] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/ebtables[ebtables:1519] uid/euid:0/0 gid/egid:0/0
[ 87.355674] grsec: (root:U:/) denied create of /var/lib/libvirt/libvirt-guests for writing by /etc/init.d/libvirt-guests[libvirt-guests:1529] uid/euid:0/0 gid/egid:0/0, parent /sbin/startpar[startpar:1518] uid/euid:0/0 gid/egid:0/0
[ 87.408459] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/echo[echo:1533] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/libvirt-bin[libvirt-bin:1532] uid/euid:0/0 gid/egid:0/0
[ 87.446375] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/echo[echo:1540] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/libvirt-bin[libvirt-bin:1532] uid/euid:0/0 gid/egid:0/0
[ 87.481178] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /etc/init.d/libvirt-bin[libvirt-bin:1532] uid/euid:0/0 gid/egid:0/0, parent /sbin/startpar[startpar:1518] uid/euid:0/0 gid/egid:0/0
[ 87.518923] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1543] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/libvirt-bin[libvirt-bin:1532] uid/euid:0/0 gid/egid:0/0
[ 87.554020] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1543] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/libvirt-bin[libvirt-bin:1532] uid/euid:0/0 gid/egid:0/0
[ 87.590073] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1544] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/libvirt-bin[libvirt-bin:1532] uid/euid:0/0 gid/egid:0/0
[ 87.624818] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1544] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/libvirt-bin[libvirt-bin:1532] uid/euid:0/0 gid/egid:0/0
[ 87.660459] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1545] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/libvirt-bin[libvirt-bin:1532] uid/euid:0/0 gid/egid:0/0
[ 87.694851] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1545] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/libvirt-bin[libvirt-bin:1532] uid/euid:0/0 gid/egid:0/0
[ 87.777824] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/echo[echo:1549] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.813271] grsec: (root:U:/) denied send of signal 19 to protected task /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.864130] grsec: (root:U:/) denied send of signal 19 to protected task /sbin/udevd[udevd:380] uid/euid:0/0 gid/egid:0/0, parent /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.898126] grsec: (root:U:/) denied send of signal 19 to protected task /sbin/udevd[udevd:381] uid/euid:0/0 gid/egid:0/0, parent /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.931991] grsec: (root:U:/) denied send of signal 19 to protected task /usr/sbin/rsyslogd[rsyslogd:1242] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.932021] grsec: (root:U:/) denied send of signal 19 to protected task /usr/sbin/acpid[acpid:1256] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.932044] grsec: (root:U:/) denied send of signal 19 to protected task /usr/sbin/cron[cron:1282] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.932067] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.932086] grsec: (root:U:/) denied send of signal 19 to protected task /usr/sbin/libvirtd[libvirtd:1307] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.932107] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.932126] grsec: (root:U:/) denied send of signal 19 to protected task /usr/sbin/sshd[sshd:1378] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.932146] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.932162] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.933391] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.933401] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.933413] grsec: (root:U:/) denied send of signal 15 to protected task /usr/sbin/sshd[sshd:1378] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.933424] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.933436] grsec: (root:U:/) denied send of signal 15 to protected task /usr/sbin/libvirtd[libvirtd:1307] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.933446] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.933458] grsec: (root:U:/) denied send of signal 15 to protected task /usr/sbin/cron[cron:1282] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.933471] grsec: (root:U:/) denied send of signal 15 to protected task /usr/sbin/acpid[acpid:1256] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.933484] grsec: (root:U:/) denied send of signal 15 to protected task /sbin/udevd[udevd:381] uid/euid:0/0 gid/egid:0/0, parent /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.933497] grsec: (root:U:/) denied send of signal 15 to protected task /sbin/udevd[udevd:380] uid/euid:0/0 gid/egid:0/0, parent /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.933509] grsec: (root:U:/) denied send of signal 15 to protected task /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.933541] grsec: (root:U:/) denied send of signal 18 to protected task /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1550] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 87.933545] grsec: more alerts, logging disabled for 10 seconds
[ 98.990429] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/echo[echo:1575] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.017457] grsec: (root:U:/) denied send of signal 19 to protected task /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.056079] grsec: (root:U:/) denied send of signal 19 to protected task /sbin/udevd[udevd:380] uid/euid:0/0 gid/egid:0/0, parent /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.082259] grsec: (root:U:/) denied send of signal 19 to protected task /sbin/udevd[udevd:381] uid/euid:0/0 gid/egid:0/0, parent /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.108476] grsec: (root:U:/) denied send of signal 19 to protected task /usr/sbin/rsyslogd[rsyslogd:1242] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.134640] grsec: (root:U:/) denied send of signal 19 to protected task /usr/sbin/acpid[acpid:1256] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.160703] grsec: (root:U:/) denied send of signal 19 to protected task /usr/sbin/cron[cron:1282] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.186743] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.212540] grsec: (root:U:/) denied send of signal 19 to protected task /usr/sbin/libvirtd[libvirtd:1307] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.238524] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.264349] grsec: (root:U:/) denied send of signal 19 to protected task /usr/sbin/sshd[sshd:1378] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.290276] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.316042] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.342876] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.368693] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.394501] grsec: (root:U:/) denied send of signal 9 to protected task /usr/sbin/sshd[sshd:1378] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.420553] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.446491] grsec: (root:U:/) denied send of signal 9 to protected task /usr/sbin/libvirtd[libvirtd:1307] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.472661] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.498633] grsec: (root:U:/) denied send of signal 9 to protected task /usr/sbin/cron[cron:1282] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.524919] grsec: (root:U:/) denied send of signal 9 to protected task /usr/sbin/acpid[acpid:1256] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.551298] grsec: (root:U:/) denied send of signal 9 to protected task /sbin/udevd[udevd:381] uid/euid:0/0 gid/egid:0/0, parent /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.578129] grsec: (root:U:/) denied send of signal 9 to protected task /sbin/udevd[udevd:380] uid/euid:0/0 gid/egid:0/0, parent /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.605572] grsec: (root:U:/) denied send of signal 9 to protected task /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.633770] grsec: (root:U:/) denied send of signal 18 to protected task /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.662840] grsec: (root:U:/) denied send of signal 18 to protected task /sbin/udevd[udevd:380] uid/euid:0/0 gid/egid:0/0, parent /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.692759] grsec: (root:U:/) denied send of signal 18 to protected task /sbin/udevd[udevd:381] uid/euid:0/0 gid/egid:0/0, parent /sbin/udevd[udevd:277] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.723552] grsec: (root:U:/) denied send of signal 18 to protected task /usr/sbin/rsyslogd[rsyslogd:1242] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.755174] grsec: (root:U:/) denied send of signal 18 to protected task /usr/sbin/acpid[acpid:1256] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.787100] grsec: (root:U:/) denied send of signal 18 to protected task /usr/sbin/cron[cron:1282] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.819515] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.852381] grsec: (root:U:/) denied send of signal 18 to protected task /usr/sbin/libvirtd[libvirtd:1307] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.885604] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.885626] grsec: (root:U:/) denied send of signal 18 to protected task /usr/sbin/sshd[sshd:1378] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.885637] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.885646] grsec: (root:U:/) use of CAP_KILL denied for /sbin/killall5[killall5:1576] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.920122] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0, parent /sbin/startpar[startpar:1518] uid/euid:0/0 gid/egid:0/0
[ 99.923361] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1579] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.923381] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1579] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.924478] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1580] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.924496] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1580] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 99.925237] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/echo[echo:1581] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/sendsigs[sendsigs:1546] uid/euid:0/0 gid/egid:0/0
[ 100.237095] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/echo[echo:1583] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rsyslog[rsyslog:1582] uid/euid:0/0 gid/egid:0/0
[ 100.271014] grsec: (root:U:/) denied send of signal 15 to protected task /usr/sbin/rsyslogd[rsyslogd:1242] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /sbin/start-stop-daemon[start-stop-daem:1584] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rsyslog[rsyslog:1582] uid/euid:0/0 gid/egid:0/0
[ 100.337650] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/echo[echo:1585] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rsyslog[rsyslog:1582] uid/euid:0/0 gid/egid:0/0
[ 100.370448] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /etc/init.d/rsyslog[rsyslog:1582] uid/euid:0/0 gid/egid:0/0, parent /sbin/startpar[startpar:1518] uid/euid:0/0 gid/egid:0/0
[ 100.406215] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1588] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rsyslog[rsyslog:1582] uid/euid:0/0 gid/egid:0/0
[ 100.439040] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1588] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rsyslog[rsyslog:1582] uid/euid:0/0 gid/egid:0/0
[ 100.472941] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1589] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rsyslog[rsyslog:1582] uid/euid:0/0 gid/egid:0/0
[ 100.505801] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1589] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rsyslog[rsyslog:1582] uid/euid:0/0 gid/egid:0/0
[ 100.539579] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1590] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rsyslog[rsyslog:1582] uid/euid:0/0 gid/egid:0/0
[ 100.572548] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /usr/bin/tput[tput:1590] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/rsyslog[rsyslog:1582] uid/euid:0/0 gid/egid:0/0
[ 100.623886] grsec: (root:U:/) denied access of /etc/adjtime for writing by /etc/init.d/hwclock.sh[hwclock.sh:1591] uid/euid:0/0 gid/egid:0/0, parent /sbin/startpar[startpar:1518] uid/euid:0/0 gid/egid:0/0
[ 100.674424] grsec: (root:U:/) denied open of /dev/rtc0 for reading by /sbin/hwclock[hwclock:1592] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/hwclock.sh[hwclock.sh:1591] uid/euid:0/0 gid/egid:0/0
[ 100.744627] grsec: (root:U:/) denied access of /var/log/wtmp for writing by /sbin/halt[halt:1597] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/umountnfs.sh[umountnfs.sh:1593] uid/euid:0/0 gid/egid:0/0
[ 100.777639] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/rm[rm:1598] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/umountnfs.sh[umountnfs.sh:1593] uid/euid:0/0 gid/egid:0/0
[ 100.829207] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /bin/echo[echo:1600] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/networking[networking:1599] uid/euid:0/0 gid/egid:0/0
[ 100.866911] grsec: (root:U:/lib) denied access to hidden file /bin/dash by /lib/bridge-utils/ifupdown.sh[run-parts:1606] uid/euid:0/0 gid/egid:0/0, parent /bin/run-parts[run-parts:1605] uid/euid:0/0 gid/egid:0/0
[ 100.937035] grsec: (root:U:/) use of CAP_NET_ADMIN denied for /sbin/route[route:1611] uid/euid:0/0 gid/egid:0/0, parent /bin/dash[sh:1610] uid/euid:0/0 gid/egid:0/0
[ 100.969385] grsec: (root:U:/) use of CAP_SYS_TTY_CONFIG denied for /sbin/route[route:1611] uid/euid:0/0 gid/egid:0/0, parent /bin/dash[sh:1610] uid/euid:0/0 gid/egid:0/0
[ 101.038748] grsec: (root:U:/) denied open of /var/lib/urandom/random-seed for writing by /bin/dd[dd:1615] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/urandom[urandom:1612] uid/euid:0/0 gid/egid:0/0
[ 101.076220] grsec: more alerts, logging disabled for 10 seconds
Shutdown role does not work on Debian Wheezy
7 posts
• Page 1 of 1
Shutdown role does not work on Debian Wheezy
by daedalus » Sun Feb 12, 2012 2:57 pm
Hello, the default shutdown policy for RBAC seems to fail under some configurations (namely debian wheezy). Trying to reboot the machine will leave it unusable and it tries to ask root password for maintenance. By reading the kernel log it looks like the shutdown role is applied, somewhat, but is then dropped?
Last edited by daedalus on Tue Feb 14, 2012 4:30 pm, edited 1 time in total.
- daedalus
- Posts: 2
- Joined: Sun Feb 12, 2012 2:42 pm
Re: Shutdown role does not work on Debian Squeeze
by spender » Mon Feb 13, 2012 11:23 am
How did you shut the system down? Can you strace -f the command you used and mail me the log?
-Brad
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
Re: Shutdown role does not work on Debian Squeeze
by spender » Tue Feb 14, 2012 10:15 am
Your system seems to be using /run/initctl instead of the usual /dev/initctl. Here's the patch I just applied to gradm, you can just copy out the policy bits if you like:
Thanks for the report, and let me know if you continue to have any problems.
-Brad
- Code: Select all
commit 58f410812b0e20db6c4d33bc0db0713746834773
Author: Brad Spengler <spender@grsecurity.net>
Date: Tue Feb 14 09:11:14 2012 -0500
Add /run/initctl to the shutdown role, protect /run by default in RBAC
and automatically generate policies that protect it
diff --git a/gradm_analyze.c b/gradm_analyze.c
index ca2fe8b..8f1403b 100644
--- a/gradm_analyze.c
+++ b/gradm_analyze.c
@@ -667,6 +667,14 @@ analyze_acls(void)
errs_found++;
}
+ if (!check_permission(role, def_acl, "/run", &chk)) {
+ fprintf(stderr,
+ "Writing access is allowed by role %s to /run, the directory which "
+ "holds information for running services and potentially the initctl device.\n\n",
+ role->rolename);
+ errs_found++;
+ }
+
if (!stat("/lib/modules", &fstat) && !check_permission(role, def_acl, "/lib/modules", &chk)) {
fprintf(stderr,
"Writing access is allowed by role %s to /lib/modules, the directory which "
diff --git a/learn_config b/learn_config
index 02432f8..aceafe3 100644
--- a/learn_config
+++ b/learn_config
@@ -116,6 +116,7 @@ dont-reduce-path /opt
protected-path /etc
protected-path /lib
protected-path /boot
+protected-path /run
protected-path /usr
protected-path /opt
protected-path /var
diff --git a/policy b/policy
index 861bb66..613f0ac 100644
--- a/policy
+++ b/policy
@@ -271,9 +271,11 @@ subject /sbin/init rvkao
subject /sbin/halt rvkao
/ rwcdmlxi
/dev/initctl rwf
+ /run/initctl rwf
subject /sbin/shutdown rvkao
/ rwcdmlxi
/dev/initctl rwf
+ /run/initctl rwf
# Make sure to unauthenticate with gradm -u from
# the admin role after restarting a service
@@ -321,6 +323,7 @@ subject /
/proc/sys r
/sys h
/root r
+ /run r
/tmp rwcd
/var rwxcd
/var/tmp rwcd
Thanks for the report, and let me know if you continue to have any problems.
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
Re: Shutdown role does not work on Debian Squeeze
by daedalus » Tue Feb 14, 2012 4:30 pm
Thanks for the fix, works like charm!
p.s. I was a bit tired when I originally made the post but the system in question was actually running Debian testing (Wheezy). I fixed the original topic to better reflect reality
p.s. I was a bit tired when I originally made the post but the system in question was actually running Debian testing (Wheezy). I fixed the original topic to better reflect reality
- daedalus
- Posts: 2
- Joined: Sun Feb 12, 2012 2:42 pm
Re: Shutdown role does not work on Debian Wheezy
by shepherd » Thu Feb 16, 2012 8:44 am
Brad,
I went to git clone gradm to build an updated package for Debian, but this latest commit doesn't seem to be in the cvsweb tree.
Many thanks.
I went to git clone gradm to build an updated package for Debian, but this latest commit doesn't seem to be in the cvsweb tree.
Many thanks.
- shepherd
- Posts: 5
- Joined: Thu Feb 16, 2012 8:36 am
Re: Shutdown role does not work on Debian Wheezy
by spender » Thu Feb 16, 2012 10:06 am
It's there now, I hadn't pushed it out yet. I'll upload a new tarball tonight.
-Brad
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
Re: Shutdown role does not work on Debian Wheezy
by shepherd » Thu Feb 16, 2012 12:14 pm
spender wrote:It's there now, I hadn't pushed it out yet. I'll upload a new tarball tonight.
-Brad
Thanks Brad
- shepherd
- Posts: 5
- Joined: Thu Feb 16, 2012 8:36 am
7 posts
• Page 1 of 1