Page 1 of 1

Could not open /dev/grsec.

PostPosted: Tue Dec 07, 2004 1:48 am
by AxeIA
After I do this:

tar -zxf gradm-2.0.2.tar.gz
cd gradm2
make
make install

I try to enable the system so that I can use grsecurity, and i get this error message.

Could not open /dev/grsec.
open: no such device or address

The file appears to be in the /dev/ folder but i can do nothing with it. Is this how i use grsecurity features. Is there another way to use grsecurity. All that i want to do is be able to demonstrate some of the features of grsecurity for school.

PostPosted: Tue Dec 07, 2004 12:55 pm
by spender
Is your system patched with grsecurity 2.0.2?

-Brad

PostPosted: Tue Dec 07, 2004 1:03 pm
by AxeIA
Yes it is patched with that.

PostPosted: Tue Dec 07, 2004 2:48 pm
by spender
Can you show me your config? and an output of uname -a?

-Brad

PostPosted: Tue Dec 07, 2004 3:59 pm
by AxeIA
Thnx for your help brad. Im not the most experience person when dealing with this stuff. Where is the config file. I think i know how to do the other part, but if you could just let me know how to find the config file. Thnx Again

PostPosted: Tue Dec 07, 2004 4:56 pm
by spender
The filename is .config wherever your linux kernel source tree is at (eg. /usr/src/linux). I only need to see the CONFIG_GRKERNSEC_* lines (they'll be at the bottom of the config).

-Brad

PostPosted: Tue Dec 07, 2004 5:50 pm
by AxeIA
# Grsecurity
#
CONFIG_GRKERNSEC=y
CONFIG_CRYPTO=y
CONFIG_CRYPTO_SHA256=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MID is not set
# CONFIG_GRKERNSEC_HI is not set
CONFIG_GRKERNSEC_CUSTOM=y

#
# PaX Control
#
# CONFIG_GRKERNSEC_PAX_SOFTMODE is not set
CONFIG_GRKERNSEC_PAX_EI_PAX=y
CONFIG_GRKERNSEC_PAX_PT_PAX_FLAGS=y
CONFIG_GRKERNSEC_PAX_NO_ACL_FLAGS=y
# CONFIG_GRKERNSEC_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_GRKERNSEC_PAX_HOOK_ACL_FLAGS is not set

#
# Address Space Protection
#
CONFIG_GRKERNSEC_PAX_NOEXEC=y
CONFIG_GRKERNSEC_PAX_PAGEEXEC=y
CONFIG_GRKERNSEC_PAX_SEGMEXEC=y
# CONFIG_GRKERNSEC_PAX_EMUTRAMP is not set
CONFIG_GRKERNSEC_PAX_MPROTECT=y
# CONFIG_GRKERNSEC_PAX_NOELFRELOCS is not set
CONFIG_GRKERNSEC_PAX_ASLR=y
CONFIG_GRKERNSEC_PAX_RANDKSTACK=y
CONFIG_GRKERNSEC_PAX_RANDUSTACK=y
CONFIG_GRKERNSEC_PAX_RANDMMAP=y
CONFIG_GRKERNSEC_PAX_RANDEXEC=y
CONFIG_GRKERNSEC_KMEM=y
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_PROC_MEMMAP=y
# CONFIG_GRKERNSEC_BRUTE is not set
# CONFIG_GRKERNSEC_HIDESYM is not set

#
# Role Based Access Control Options
#
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30

#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=1001
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y

#
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
# CONFIG_GRKERNSEC_PROC_IPADDR is not set
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set

#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_RANDPID=y
# CONFIG_GRKERNSEC_TPE is not set

#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_RANDISN=y
CONFIG_GRKERNSEC_RANDID=y
CONFIG_GRKERNSEC_RANDSRC=y
CONFIG_GRKERNSEC_RANDRPC=y
# CONFIG_GRKERNSEC_SOCKET is not set

#
# Sysctl support
#
# CONFIG_GRKERNSEC_SYSCTL is not set

#
# Logging options
#
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4

PostPosted: Tue Dec 07, 2004 6:06 pm
by spender
What's your uname look like? Also, are you using any special /dev handlers, like devfs, udev, etc, or just the default? Is grsecurity the only patch applied to the vanilla kernel?

-Brad

PostPosted: Tue Dec 07, 2004 6:09 pm
by AxeIA
Linux localhost 2.6.8.1-ltt #3 Wed Sep 29 13:05:56 MDT 2004 i686 unknown

that is what my uname says. I think that it is pointing to the wrong kernel, because im using 2.4.28. How do i fix that. grsecurity is the only patch and i am not using any other handlers

PostPosted: Tue Dec 07, 2004 6:27 pm
by AxeIA
Never mind about the pointing to the wrong kernel. I am just using the 2.6.8.1 so that i can use the internet. Sorry. Anyway if you could get back to me and give me hand that would be awesome.