
ident-server problem

Posted: Wed Apr 09, 2003 10:25 am
by OndRkee
Hi!
A friend of mine updated my kernel and installed grsec at the same time. Since that day, I can't seem to get my ident server (oidentd) to work. Is there some reason it wouldn't work due to some grsec config?
If so, how can I fix it?

Re: ident-server problem

Posted: Wed Apr 09, 2003 1:00 pm
by PaX Team
OndRkee wrote: Since that day, I can't seem to get my ident server (oidentd) to work. Is there some reason it wouldn't work due to some grsec config?
This is a rather vague description; can you be more specific? Also, can you look at your syslogs and see if there's anything logged by PaX or grsec?

Posted: Wed Apr 09, 2003 5:07 pm
by OndRkee
When I try to connect to an IRC server, this appears in the syslog:
Apr 9 23:59:51 localhost oidentd[10693]: Connection from irc.banetele.no (213.239.111.2):0
Apr 9 23:59:51 localhost oidentd[10693]: [irc.banetele.no] 33705 , 6667 : ERROR : NO-USER

The reason I "suspect" grsec to be the cause of this error is that this install is a 99% match of my old box, except that this kernel is patched with grsec.
Unfortunately the dude who did it for me is gone for some days, so I can't get help from him atm.

Posted: Wed Apr 09, 2003 7:33 pm
by solar
What's happening is your oidentd is running as user nobody or some user that no longer has permission to read /proc/net/dev

What I do to get oidentd working is create a user and group for proc:
groupadd -g 75 proc
useradd -s /bin/false -d /proc -u 75 proc
passwd -l proc
I then edit my /etc/fstab from
-- default --
proc /proc proc defaults 0 0
-- pimp --
proc /proc proc defaults,uid=75,gid=75 0 0

Option: edit your /etc/oidentd.conf

# you may want to hide root connections
user "root" {
    default {
        force reply "UNKNOWN"
    }
}

user "proc" {
    default {
        force reply "auth"
    }
}
---------------
Oh and make sure you start your oidentd as user proc
oidentd -u proc -g proc -p 113 -r unknown

Posted: Sat Sep 13, 2003 11:52 pm
by erce
If you enabled proc limitations, try setting the group under which the ident daemon runs to the group to which you limited access to the /proc filesystem.
For me this works with identd.
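
Added example, not part of any post in this thread: a shell check that the group the ident daemon runs under has the same numeric gid as the gid= option on the /proc line in fstab, which is the condition both solar's and erce's fixes rely on. The function names are hypothetical, the gid= mount option is the one from solar's fstab line, and the group is looked up in a group file directly (no NSS).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# proc_mount_gid FSTAB: print the gid= option of the proc mount, empty if none.
proc_mount_gid() {
    awk '$1 !~ /^#/ && $3 == "proc" {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++)
                 if (opt[i] ~ /^gid=[0-9]+$/) {
                     sub(/^gid=/, "", opt[i]); print opt[i]; exit
                 }
         }' "$1"
}

# group_gid GROUPFILE NAME: print the numeric gid of group NAME, empty if absent.
group_gid() {
    awk -F: -v g="$2" '$1 == g { print $3; exit }' "$1"
}

# check_ident_group FSTAB GROUPFILE NAME
# Returns 0 on match, 1 on mismatch, 2 if /proc has no gid= option,
# 3 if the group does not exist.
check_ident_group() {
    want=$(proc_mount_gid "$1")
    have=$(group_gid "$2" "$3")
    [ -n "$want" ] || { echo "no gid= option on the proc mount in $1"; return 2; }
    [ -n "$have" ] || { echo "group $3 not found in $2"; return 3; }
    if [ "$want" = "$have" ]; then
        echo "ok: group $3 (gid $have) matches the proc mount gid"
    else
        echo "mismatch: proc mount gid=$want, group $3 has gid $have"
        return 1
    fi
}

# Run as a script: sh check.sh /etc/fstab /etc/group proc
if [ "$#" -eq 3 ]; then
    check_ident_group "$@"
fi
```

A mismatch or a missing gid= option means the daemon's group is not the one given access to /proc, which fits the NO-USER reply in the syslog excerpt above.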