System shutdown.

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

System shutdown.

Postby mily » Sat Aug 06, 2005 11:01 am

Hi everybody.
I'm using new kernel with GrSec and I have a problem with it.

To activate grsec, I need to type gradm -E, but I want to start it automatically when system boots-up. It's no problem. I've added it into runlevel. Now it starts automatically and works very nice.

But i'm typing shutdown -r now and ..... System hang up, system cannot unload modules, cannot unmount / and cannot stop services :(. Yeah, it's possible to reboot computer, by typing gradm -D before every shutdown, but i don't want to type password everytime, when I want to shutdown system.

Is it posiible to reboot system without stopping GrSecurity ??
mily
 
Posts: 1
Joined: Sat Aug 06, 2005 11:00 am

Postby Xerxes83 » Wed Aug 10, 2005 4:43 am

I am also interested in this, since my system won't shutdown while Grsecurity is activated. And disabling Grsecurity before shutting down the system defeats the purpose of using a RBAC system... you just make an exploit that does all the bad stuff when it receives a KILL signal.
Xerxes83
 
Posts: 8
Joined: Fri Jun 17, 2005 2:03 pm

Postby majuri » Mon Sep 12, 2005 12:49 pm

I have exactly the same problem, if I run reboot from console, system will start shutdown, but RBAC won't get disabled, and system wont boot.

Funny thing is that sshd doesn't get disabled. And Im still able to login via ssh, auth myself to admin, and run reboot. And if I run reboot via ssh, RBAC enabled, system will boot.
majuri
 
Posts: 1
Joined: Mon Sep 12, 2005 12:47 pm

Re: System shutdown.

Postby schmeggahead » Thu Jan 21, 2010 2:09 pm

I set the system for full learning and shutdown the system
I set the system for full learning and restarted the system
I generated the roles for each and combined

I'm in the process of testing it.
I would be interested in your run script that starts gradm -E
Did you run it in boot level and where is it in relation to when sysctl is executed?
I would think that there is a potential for exploit prior to the running of the init script, so was interested in where you placed it (before others run, etc.)

I would think you would have to start with the script set to full learning on boot to get a viable policy set for startup.
schmeggahead
 
Posts: 5
Joined: Thu Jan 21, 2010 1:09 pm


Return to grsecurity support

cron