Grsecurity logging
Posted: Fri Jun 17, 2005 2:59 pmHi all! I am a bit confused by the Grsecurity logging system. Isn't Grsecurity supposed to log all access violations? Or do I need to enable this somehow?
The problem is that a process on my server encounters a problem and then tries to send me an email about the problem. Unfortunately nothing about this problem appears in the log, except for the final result:
I have solved the sendmail problem by running the full learning mode again (running only in learning mode for /usr/bin/sendmail didn't work for some reason). I do however wonder why I got the 'denied executable mmap' error instead of an access violation...
I am running Grsecurity v2.1.5 with the 2.4.30 kernel (the newest version is not yet available for my distro).
The problem is that a process on my server encounters a problem and then tries to send me an email about the problem. Unfortunately nothing about this problem appears in the log, except for the final result:
grsec: (root:U:/) denied executable mmap of /usr/sbin/sendmail by /usr/sbin/sendmail[sendmail:18828] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/cron[cron:17456] uid/euid:0/0 gid/egid:0/0
I have solved the sendmail problem by running the full learning mode again (running only in learning mode for /usr/bin/sendmail didn't work for some reason). I do however wonder why I got the 'denied executable mmap' error instead of an access violation...
I am running Grsecurity v2.1.5 with the 2.4.30 kernel (the newest version is not yet available for my distro).