
How to get started with RBAC? [lame question] - add a role

Posted: Thu Dec 29, 2005 2:30 pm
by Raf256
I wanted to start playing with RBAC, but I can't find a proper howto concerning simple questions:

1. how to build gradm2 (it was easy anyway, just ./configure && make install as root, as usual)

2. how to add a role (I want a role called "raf256adm" - to which user "raf256" will authenticate with a password if he wants to do special, administrative tasks. That is how it should be done, right?)
I tried adding "role raf256adm l" as in:
# tail /etc/grsec/policy

subject /sbin/klogd
+CAP_SYS_ADMIN

subject /usr/sbin/cron
/dev/log rw

role raf256adm l

but it didn't work:

# gradm -E
No role type specified for raf256adm on line 266 of /etc/grsec/policy.
The RBAC system will not be allowed to be enabled until this error is fixed.


3. how to learn the system
4. how to backup learning state, restore it, hand edit
5. how to enable, disable the protection based on learned/edited rules
6. example - a simple C program that does something without RBAC, and that is stopped from doing it while protection is activated

Posted: Fri Dec 30, 2005 12:56 am
by Raf256
As Spender told me on IRC, changing "l" to "ls" fixed the problem:
role raf256adm ls
at the end of /etc/grsec/policy.
Also, I needed to create a password for that role:
gradm -P raf256adm
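
The mistake resolved in this thread (a role line carrying only the learning flag "l" and no role type) can be caught before running gradm -E. The sketch below is an added example, not part of the original posts and not gradm's own code. It assumes that the role-type letters are u (user), g (group) and s (special) and that the role named "default" needs no type letter; the thread itself only confirms that "l" alone fails and "ls" works. The sample policy is constructed.

```python
import re

# Assumption (not stated in the thread): role-type letters are u (user),
# g (group) and s (special). Other letters, such as l (learning), are modifiers.
ROLE_TYPES = set("ugs")
# Matches "role <name> [<modes>]" but not keywords like "role_transitions".
ROLE_LINE = re.compile(r"^\s*role\s+(\S+)(?:\s+(\S+))?\s*$")


def roles_missing_type(policy_text):
    """Return (line_number, role_name, modes) for role lines with no type letter."""
    problems = []
    for lineno, line in enumerate(policy_text.splitlines(), start=1):
        line = line.split("#", 1)[0]  # ignore trailing comments
        match = ROLE_LINE.match(line)
        if not match:
            continue
        name, modes = match.group(1), match.group(2) or ""
        if name == "default":  # assumption: the default role takes no type letter
            continue
        if not ROLE_TYPES & set(modes):
            problems.append((lineno, name, modes))
    return problems


# Constructed sample modelled on the policy tail quoted in the first post.
SAMPLE_POLICY = """\
role default G
subject /sbin/klogd
\t+CAP_SYS_ADMIN

subject /usr/sbin/cron
\t/dev/log rw

role raf256adm l
"""

if __name__ == "__main__":
    for lineno, name, modes in roles_missing_type(SAMPLE_POLICY):
        print(f"line {lineno}: role {name} has modes '{modes}' but no role type")
```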