klogd entry in default configuration is duplicated?
Posted: Thu Oct 06, 2005 6:49 am
I should use gradm2 -E to edit rules for grsecurity AFAIK? (btw, is there a detailed tutorial about this somewhere yet?)
after default installation (2.6.13.2 from kernel.org + spender's patch for 2.6.13.2 kernel) and after installing gradm2 (debian unstable) I get wrong config, is it a bug in gradm2 package (I suppose the package created /etc/grsec2/policy file) or am I doing something wrong?
Code:
root@lore:/home/raf256# gradm2 -E
Duplicate subject found for "/sbin/klogd" in role default, on line 302 of /etc/grsec2/policy.
"/sbin/klogd" references the same object as "/sbin/klogd" specified on an earlier line.
The RBAC system will not load until this error is fixed.
Code:
root@lore:/home/raf256# grep -nC 3 klogd /etc/grsec2/policy
205-# connect 192.168.1.0/24:22 stream tcp
206-# bind 0.0.0.0 stream dgram tcp udp
207-
208:subject /sbin/klogd dpo {
209- / h
210- /dev h
211- /dev/log rw
--
298-subject /usr/bin/ssh
299- /etc/ssh/ssh_config r
300-
301:subject /sbin/klogd
302- +CAP_SYS_ADMIN
303-
304-subject /usr/sbin/cron
so I just moved the one line
+CAP_SYS_ADMIN
from 2nd entry to the first one
There was a similar problem with sbin/cron, the second rule had /dev/log rw so I moved that to the 1st rule... but the first rule already had that line so I just deleted it (delete totally the 2nd rule of /sbin/cron subject)
Is it the same thing?
Because the first rules are
subject <PROGRAM> dpo { ...
and the second rules were without the "dpo" thingy...
After those changes I get:
root@lore:/home/raf256# gradm2 -E
Error opening: /etc/grsec2/pw
open: No such file or director
what should I do?
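
An added example, not part of the original post and not gradm's own check: a shell function that lists every subject defined more than once in the same role of a policy file, with the line number of each definition, so the duplicates can be merged in one pass. It assumes roles start with `role <name>` and subjects with `subject <path>`, as in the grep output above; the function names and the sample policy are constructed for illustration.

```shell
#!/bin/sh
# Added example: report subjects that are defined twice within one role.
# Assumed syntax: "role <name> ..." and "subject <path> [modes] [{]",
# optionally indented; lines starting with "#" are comments.

find_dup_subjects() {
    # $1 = policy file; prints one line per duplicate, returns 1 if any exist
    awk '
        BEGIN { role = "(none)" }
        /^[ \t]*#/ { next }                      # ignore commented-out rules
        $1 == "role" { role = $2; next }         # subjects belong to this role
        $1 == "subject" {
            key = role SUBSEP $2                 # same path in another role is fine
            if (key in first) {
                printf "role %s: %s defined on line %d and again on line %d\n", role, $2, first[key], NR
                dup = 1
            } else {
                first[key] = NR
            }
        }
        END { exit (dup ? 1 : 0) }
    ' "$1"
}

write_sample_policy() {
    # Constructed sample modelled on the grep output in the post.
    cat > "$1" <<'EOF'
role default
subject /sbin/klogd dpo {
    / h
    /dev h
    /dev/log rw
}
subject /usr/sbin/cron dpo {
    /dev/log rw
}
subject /usr/bin/ssh
    /etc/ssh/ssh_config r

subject /sbin/klogd
    +CAP_SYS_ADMIN

subject /usr/sbin/cron
    /dev/log rw
EOF
}

sample=$(mktemp)
write_sample_policy "$sample"
find_dup_subjects "$sample" || true              # demo run on the constructed sample
rm -f "$sample"
```

To check a real policy, call `find_dup_subjects /etc/grsec2/policy`; a non-zero exit status means at least one duplicate was found.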