ssh tunnels

Postby salam » Thu Jul 27, 2006 1:34 pm

Hello,

What rule do I need to set in the ACL to permit this? (It is a dynamic SSH tunnel, which does not work, and the log returns this message:)

Code:
grsec: From xxxxxxxx: (user:U:/usr/sbin/sshd) denied socket(inet,stream,tcp) by /usr/sbin/sshd[sshd:12864] uid/euid:1000/1000 gid/egid:100/100, parent /usr/sbin/sshd[sshd:32082] uid/euid:0/0 gid/egid:0/0


What is a "socket(inet,stream,tcp)"? There is no IP or port specified, so I don't understand it very well.
salam
 
Posts: 27
Joined: Wed Jul 19, 2006 7:22 am

Postby mnalis » Fri Sep 29, 2006 12:10 pm

Code:
grsec: From xxxxxxxx: (user:U:/usr/sbin/sshd) denied socket(inet,stream,tcp) by /usr/sbin/sshd[sshd:12864] uid/euid:1000/1000 gid/egid:100/100, parent /usr/sbin/sshd[sshd:32082] uid/euid:0/0 gid/egid:0/0


It means that socket(2) calls are not allowed.
If you've enabled GRKERNSEC_SOCKET, you need to add the user running it to the correct group (for example GRKERNSEC_SOCKET_ALL_GID).

If you've not enabled GRKERNSEC_SOCKET, you need to allow binding to the port.
I've had a problem with
Code:
denied socket(inet,dgram,ip)

and have fixed it with
Code:
bind 0.0.0.0/32:0 dgram ip

rule. So yours probably would be fixed by
Code:
bind 0.0.0.0/32:0 stream tcp

mnalis
 
Posts: 57
Joined: Fri Sep 29, 2006 11:23 am

Postby spender » Fri Sep 29, 2006 5:09 pm

The log says it's a tcp socket being created, so add some rule to your policy like:

bind 0.0.0.0/0:1 stream tcp

and then you'll get another error that will be more specific (giving you the IP and port being used). If it happens to be a connect, add a connect rule and remove the bind rule; otherwise modify your bind rule so that it matches the behavior observed.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
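The two-step approach mnalis and spender describe (a placeholder bind rule for the bare socket() denial, then a rule narrowed to the IP and port the next denial reveals) can be automated against the log. The following is an added example, not code from the thread or from grsecurity: the socket() line is the one quoted above, while the connect() line and its wording are an assumption modelled on grsecurity's connect()/bind() denials and should be checked against your own log, as should the made-up ntpd path.

```python
import re
from typing import Optional

# Role/subject header carried by every grsecurity RBAC denial (as in the thread).
HEADER_RE = re.compile(r"grsec: From \S+: \((?P<role>[^:)]+):(?P<rtype>[^:)]+):(?P<subject>[^)]+)\) denied ")
# Denial of socket() itself: family, type and protocol, but no IP or port yet.
SOCKET_RE = re.compile(r"denied socket\((?P<family>\w+),(?P<type>\w+),(?P<proto>\w+)\) by ")
# Follow-up denial once socket() is permitted. ASSUMPTION: wording modelled on the
# connect()/bind() messages; kept loose on purpose. Verify against your own log.
ADDR_RE = re.compile(
    r"denied (?P<call>connect|bind)\(\) to (?:the )?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r".*?port (?P<port>\d+) sock type (?P<type>\w+) protocol (?P<proto>\w+)")

def suggest_rule(line: str) -> Optional[dict]:
    """Map one denial to its subject plus a candidate rule, following spender's
    two-step method: a placeholder bind for a bare socket() denial (step 1), then
    a connect/bind rule matching exactly the IP/port observed (step 2)."""
    header = HEADER_RE.search(line)
    if not header:
        return None                                  # not an RBAC denial line
    sock = SOCKET_RE.search(line)
    if sock:
        if sock["family"] != "inet":                 # unix/inet6 need other rules
            return None
        return {"subject": header["subject"], "step": 1,
                "rule": f"bind 0.0.0.0/0:1 {sock['type']} {sock['proto']}"}
    addr = ADDR_RE.search(line)
    if addr:
        return {"subject": header["subject"], "step": 2,
                "rule": f"{addr['call']} {addr['ip']}/32:{addr['port']} "
                        f"{addr['type']} {addr['proto']}"}
    return None

# Constructed samples: the thread's own socket() line, a dgram variant like the
# one mnalis hit (ntpd path is made up), and an ASSUMED follow-up connect() denial.
SAMPLES = [
    "grsec: From xxxxxxxx: (user:U:/usr/sbin/sshd) denied socket(inet,stream,tcp) by "
    "/usr/sbin/sshd[sshd:12864] uid/euid:1000/1000 gid/egid:100/100, parent "
    "/usr/sbin/sshd[sshd:32082] uid/euid:0/0 gid/egid:0/0",
    "grsec: From xxxxxxxx: (user:U:/usr/sbin/ntpd) denied socket(inet,dgram,ip) by "
    "/usr/sbin/ntpd[ntpd:4242] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0",
    "grsec: From xxxxxxxx: (user:U:/usr/sbin/sshd) denied connect() to the 192.0.2.10 socket "
    "of /usr/sbin/sshd port 443 sock type stream protocol tcp by /usr/sbin/sshd[sshd:12864] "
    "uid/euid:1000/1000 gid/egid:100/100, parent /usr/sbin/sshd[sshd:32082] uid/euid:0/0 gid/egid:0/0",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = suggest_rule(s)
        print(f"{r['subject']}: step {r['step']} -> {r['rule']}")
```

The step-1 rule is deliberately only a probe; once the step-2 line appears, replace it with the narrowed rule rather than leaving both in the subject.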

Postby salam » Fri Oct 06, 2006 1:21 pm

Solved. Thanks for the tips.
salam
 
Posts: 27
Joined: Wed Jul 19, 2006 7:22 am