identd problem

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.


Postby DMBreathn » Sat Aug 31, 2002 9:41 am

When I use a kernel with grsecurity ... my identd won't work ... but it starts OK ...
but when I checked my port ... 113 isn't open ... when I use a kernel without grsecurity ..
my identd works fine ... Can anyone help me with my problem? How can I open
port 113 when I use grsecurity, so that my identd will work?

:-?
DMBreathn
 
Posts: 1
Joined: Sat Aug 31, 2002 9:37 am

Postby decoder » Sun Sep 08, 2002 6:37 am

Hmm, I can't really think of what that could be. Did you maybe enable socket restrictions in grsecurity? Try disabling socket restrictions if so (under Network Protections). If that doesn't work, tell me what options you have enabled.

cu
decoder
decoder
 
Posts: 8
Joined: Sat Sep 07, 2002 10:08 pm

Postby spender » Sun Sep 08, 2002 9:13 pm

You didn't read the help for the proc restriction option. If you chose restrict to user only, you have to run the identd as root (not recommended). If you chose to allow a special group, you must run identd as that group so it can open up /proc/net/tcp.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby Tirppa » Mon May 05, 2003 6:48 am

I'm quite the newbie and have exactly the same problem. I could now use a bit more of a step-by-step on how to fix this "problem". I use Debian and compiled a 2.4.20 kernel with grsec 1.9.9g with the medium security setting. My identd is running like:

nobody 22718 0.0 0.8 1312 528 ? S 13:29 0:00 [gidentd]

I really could use the help. As soon as possible :-?
Tirppa
 
Posts: 1
Joined: Mon May 05, 2003 6:45 am

Postby spender » Mon May 05, 2003 10:08 am

As root:

ls -al /proc/net/tcp

You should see something similar to:

-r--r--r-- 1 root proc 0 May 5 10:11 /proc/net/tcp

Take note of the group name there. In this case, it is "proc".

I'm not familiar with the identd you are using, but what you want to do is modify its configuration so that it runs as this group.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
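
The reason identd needs /proc/net/tcp, as an added example that is not from any poster in this thread or from gidentd/oidentd: the daemon finds the uid that owns a connection by matching the local/remote port pair in that table, so it fails if the open is denied. The sample table, function names and port numbers below are constructed for illustration.

```python
import grp
import os

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Row 0: listener on port 113 (0x0071), uid 0. Row 1: established connection,
# local port 33060 (0x8124) -> remote port 6667 (0x1A0B), owned by uid 1000.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0071 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0A00000A:8124 0B00000A:1A0B 01 00000000:00000000 00:00000000 00000000  1000        0 4711
"""

TCP_ESTABLISHED = 0x01


def lookup_uid(table, local_port, remote_port):
    """Return the uid owning the established connection, or None if not found."""
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue                              # truncated or blank row
        lport = int(fields[1].rsplit(":", 1)[1], 16)
        rport = int(fields[2].rsplit(":", 1)[1], 16)
        state = int(fields[3], 16)
        if (lport, rport, state) == (local_port, remote_port, TCP_ESTABLISHED):
            return int(fields[7])                 # uid column
    return None


def read_table(path="/proc/net/tcp"):
    """Read the table as the current user; return (text, owning_group).

    text is None when the open fails, which is what a daemon running
    outside the permitted group sees under the /proc restriction.
    """
    try:
        group = grp.getgrgid(os.stat(path).st_gid).gr_name
    except (OSError, KeyError):
        group = None
    try:
        with open(path) as fh:
            return fh.read(), group
    except OSError:
        return None, group


if __name__ == "__main__":
    text, group = read_table()
    print("group on /proc/net/tcp:", group)
    print("readable by this process:", text is not None)
    print("uid for 33060 -> 6667 in sample:", lookup_uid(SAMPLE, 33060, 6667))
```

Run it as the account identd uses (for example via su) to see whether that account can actually open the file.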

Postby nogownik » Mon May 19, 2003 7:30 am

First of all, use oidentd
http://ojnk.sourceforge.net/
Compile, install, and next edit /etc/grsec/acl and add this:

/usr/local/sbin/oidentd Xo {
        /usr/lib
        /dev/null rw
        /
        /dev/console w
        /usr/share/zoneinfo r
        /usr/local/sbin/oidentd x
        /proc/net/tcp r
        /proc/net/ip_conntrack r
        /lib rx
        /etc r
        -CAP_ALL
        +CAP_SETGID
        +CAP_SETUID
        +CAP_NET_BIND_SERVICE
        connect {
                0.0.0.0/0:53 stream dgram ip tcp udp
        }
        bind {
                0.0.0.0:0 dgram ip
                0.0.0.0:113 stream ip tcp
        }
}



And YOU MUST have access to /proc/net/tcp and /proc/net/ip_conntrack (if you want ident for masqueraded connections). See above.

Have fun.
Works perfectly for me.
nogownik
 
Posts: 3
Joined: Mon Mar 03, 2003 6:57 am

