"learned" ACLs: no network rules?
Posted: Tue Sep 24, 2002 6:38 am
Hi,
I'm totally new to grsecurity. So please forgive me.
I've just created an acl.learn containing exactly the contents out of the documentation. I used it to learn ACLs for my sshd. But after flushing the new learned ACL it doesn't even contain anything but shared libraries. No network-related stuff.
When I then try to start sshd using a start script from SuSE with ACLs enabled, it crashes with a segv. After that I have to restart my computer; doing anything else almost always leads to a complete lock of the used console.
Then I tried to teach him the ACLs by calling sshd directly (no rc-script). And after reactivating with those rules fired I started the sshd again "alone". Now it doesn't crash, but just says "too many open files". Oh, the learned ACL didn't contain any network stuff either. Therefore I think I did something wrong while learning (perhaps this "script" doesn't work). BTW: I did it by hand of course, but "bash" is faster than "English":
Code:
# echo $STUFF_FROM_DOCU > /etc/grsec/acl.learn
# cat /etc/grsec/acl.learn | sed 's/bin/\/usr\/sbin\/sshd/' > /etc/grsec/acl.sshd
# echo "include </etc/grsec/acl.sshd>" > /etc/grsec/acl
# rcsshd stop
# gradm -E
# /usr/sbin/sshd
> remote: several succeeding and failing logins using different users
# killall /usr/sbin/sshd
# gradm -D
# rm /etc/grsec/acl.sshd
# gradm -L -O /etc/grsec/acl.sshd
# gradm -E
# /usr/sbin/sshd
bash: /usr/sbin/sshd: Too many open files
But my /var/log/grsec file doesn't say anything!
I'm quite confused. As already mentioned in this forum, I should update to the newest version. I'm using grsec-1.9.7-2.4.19 with gradm-1.5. Is there perhaps any hidden CVS I should know about?
Thanks a lot for your help!
Marcel