Page 1 of 1
How to get rid of successful link message?
Posted:
Sat Jan 29, 2005 3:02 pmby uof
In a newest version there are annoying successful link messages in syslog, how to get rid of it, as I use qmail and it makes links all the time my log is ful of these messages?
Posted:
Tue Feb 01, 2005 10:09 pmby spender
What kernel version? What version of grsecurity? Can you paste the logs? Are you using the RBAC system?
-Brad
Posted:
Wed Feb 02, 2005 3:17 amby uof
kernel 2.4.29
grsec 2.0.2
RBAC is on
and the message is:
Jan 31 23:44:21 kernel: grsec: From 81.168.222.85: (default:D:/) successful link of /var/qmail/queue/intd/400943 to todo/400943 by /var/qmail/bin/qmail-queue[qmail-queue:31777] uid/euid:549/105 gid/egid:504/504, parent /usr/bin/perl5.00503[perl5.00503:17929] uid/euid:549/549 gid/egid:504/504
there's a lot of it, and previous versions of grsec didn't emit this
Posted:
Wed Feb 02, 2005 10:05 amby spender
Upgrade to 2.1.1
-Brad
Posted:
Wed Feb 02, 2005 10:14 amby uof
Sorry, I was wrong, I'm using grsecurity 2.1.1 for 2.4.29 - I was too lazy to check it
Posted:
Thu Feb 03, 2005 1:27 pmby spender
Then you must have "L" in addition to "l" on the object in question. The link wouldn't have been possible if you didn't modify your policy file. "L" causes the message you're seeing, since it's an auditing flag.
-Brad
Posted:
Thu Feb 03, 2005 3:07 pmby uof
You are right, I'm using this flag, thanks for the solution