grsecurity forums

[harryhood]

I recently built a 2.4.30 kernel with grsecurity on a centos 3.4 server, w/ cpanel installed. For the grsecurity I selected the default "Medium" settings.

Upon booting to the new kernel, I was getting errors with named and trying to access cpanel or whm over https. The follow are what seem to be the relavent messages from the log files

Named

Code: Select all

Apr 19 21:50:00 servername kernel: grsec: signal 11 sent to /usr/sbin/rndc[rndc:27101] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/rndc[rndc:18030] uid/euid:0/0 gid/egid:0/0
Apr 19 21:50:00 servername kernel: grsec: signal 11 sent to /usr/sbin/rndc[rndc:18030] uid/euid:0/0 gid/egid:0/0, parent /etc/rc.d/init.d/named[named:6756] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/rndc[rndc:27101] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/rndc[rndc:18030] uid/euid:0/0 gid/egid:0/0
Apr 19 21:50:00 servername kernel: grsec: signal 11 sent to /usr/sbin/rndc[rndc:31532] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/rndc[rndc:18030] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/rndc[rndc:27101] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/rndc[rndc:18030] uid/euid:0/0 gid/egid:0/0
Apr 19 21:50:00 servername kernel: grsec: signal 11 sent to /usr/sbin/rndc[rndc:18030] uid/euid:0/0 gid/egid:0/0, parent /etc/rc.d/init.d/named[named:6756] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/rndc[rndc:31532] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/rndc[rndc:18030] uid/euid:0/0 gid/egid:0/0
Apr 19 21:50:03 servername kernel: grsec: signal 11 sent to /usr/sbin/named[named:24564] uid/euid:25/25 gid/egid:25/25, parent /usr/sbin/named[named:1252] uid/euid:25/25 gid/egid:25/25


whm/cpanel over https (stunnel problem I believe)

Code: Select all

Apr 19 21:50:56 servername kernel: grsec: From xx.xx.xx.xx: signal 11 sent to /usr/bin/stunnel-4.04local[stunnel-4.04loc:10825] uid/euid:32001/32001 gid/egid:502/502, parent /usr/bin/stunnel-4.04local[stunnel-4.04loc:18306] uid/euid:32001/32001 gid/egid:502/502
Apr 19 21:50:56 servername kernel: grsec: From xx.xx.xx.xx: signal 11 sent to /usr/bin/stunnel-4.04local[stunnel-4.04loc:18306] uid/euid:32001/32001 gid/egid:502/502, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /usr/bin/stunnel-4.04local[stunnel-4.04loc:10825] uid/euid:32001/32001 gid/egid:502/502, parent /usr/bin/stunnel-4.04local[stunnel-4.04loc:18306] uid/euid:32001/32001 gid/egid:502/502
Apr 19 21:52:06 servername kernel: grsec: From xx.xx.xx.xx: signal 11 sent to /usr/bin/host[host:7401] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/host[host:14280] uid/euid:0/0 gid/egid:0/0
Apr 19 21:52:06 servername kernel: grsec: From xx.xx.xx.xx: signal 11 sent to /usr/bin/host[host:14280] uid/euid:0/0 gid/egid:0/0, parent /usr/local/cpanel/whostmgr/bin/whostmgr[whostmgr:14358] uid/euid:0/0 gid/egid:0/0 by /usr/bin/host[host:7401] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/host[host:14280] uid/euid:0/0 gid/egid:0/0
Apr 19 21:52:47 servername kernel: grsec: From xx.xx.xx.xx: signal 11 sent to /usr/bin/stunnel-4.04local[stunnel-4.04loc:31019] uid/euid:32001/32001 gid/egid:502/502, parent /usr/bin/stunnel-4.04local[stunnel-4.04loc:30383] uid/euid:32001/32001 gid/egid:502/502
Apr 19 21:52:47 servername kernel: grsec: From xx.xx.xx.xx: signal 11 sent to /usr/bin/stunnel-4.04local[stunnel-4.04loc:30383] uid/euid:32001/32001 gid/egid:502/502, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /usr/bin/stunnel-4.04local[stunnel-4.04loc:31019] uid/euid:32001/32001 gid/egid:502/502, parent /usr/bin/stunnel-4.04local[stunnel-4.04loc:30383] uid/euid:32001/32001 gid/egid:502/502

From what I have supplied can anyone suggest what might be the problem and what I could do to correct it?

Many thanks,

[harryhood]

Scratch this question. The problem wasn't grsecurity related at all. it was due to nptl.

[RuleMaN]

can you tell me how did you fix it ?

[harryhood]

can you tell me how did you fix it ?

http://www.choon.net/nptl.php