
gradm learning mode

PostPosted: Sun Nov 24, 2002 3:23 am
by ryan
OK, well, I'm having but one issue with gradm. I manually configured most of my ACLs, but I think it's all broken my email. In any case, I tried enabling the learning mode with just

/ l {
}

Obviously that didn't work, so I did

/ l {
	/ rwx
}

Then I got errors that gradm won't start insecurely (basically).

So anyway, I grabbed the default ACLs, set learning mode and fixed a few small things gradm complained about (mainly /lib).

Now I enabled learning mode and proceeded to check my email, but it still won't work with gradm in learning mode. It only works with the ACLs completely off (gradm -D). So I'm assuming some ACL restrictions are staying in place while in learning mode. How could I get gradm to do more verbose learning, as in watch everything and learn from EVERYTHING going on on the system (from every process)? I know it would be a tad intensive, but this way I'll be able to pick around the ACL it generates and work out where my email is messing up.

I use a rather intrusive control panel system called Ensim, so a lot of things are not very visible to the naked eye at a glance.

Any comments would be of help.

PostPosted: Sun Nov 24, 2002 3:38 am
by ryan
OK, I found that the problem is, gradm won't allow writable libs to load. The lib in this case is /lib/security/pam_ensimvwh.so

My issue now is that the pam_ensimvwh.so file is located in each virtual site on Ensim (chroot environment), under /home/virtual/site#/fst/lib/security/pam_ensimvwh.so

Is it possible to define wildcards in ACL rules? So I could do something like

/ {
	/home/virtual/site*/fst/lib/ rx
}

PostPosted: Sun Nov 24, 2002 4:20 pm
by ryan
Another question: what's the use of 'RES_CRASH'? It seems vaguely documented.

PostPosted: Sun Nov 24, 2002 5:42 pm
by spender
We don't support wildcards, though it's something we could do in the future. When it is supported, you'll have to remember that it won't work dynamically, e.g. if you are using a wildcard that is supposed to represent 30 user directories, and you add another user directory while the ACL system is enabled, it won't include that new directory.

As for RES_CRASH, it's useful if you're using PaX. It prevents daemons from being the target of exploit brute-forcing.

-Brad

PostPosted: Sun Nov 24, 2002 5:45 pm
by ryan
Yeah, I just made a script to generate some rules for all my virtual sites. It works pretty well, I guess, and I love the ACL as is, so all is good :).
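Since gradm has no wildcard support, the usual workaround is what ryan describes: enumerate the site directories at rule-generation time and emit one object line per site. The script below is an added example (not ryan's script, and not gradm's or Ensim's own code) that does this for the /home/virtual/site#/fst/lib layout from the thread. It assumes the root directory can be overridden with its first argument so it can be tried against a scratch tree, and it defaults the permission string to the "rx" from ryan's example. As Brad notes, the result is static: re-run it and reload the ACLs whenever a site is added.

```shell
#!/bin/sh
# Added example: expand the "wildcard" /home/virtual/site*/fst/lib into
# explicit gradm object lines, one per existing site.
# Assumptions (not from the thread): $1 overrides the root directory,
# $2 overrides the permission string (default "rx").

gen_site_rules() {
    root="${1:-/home/virtual}"
    perm="${2:-rx}"
    for lib in "$root"/site*/fst/lib; do
        # An unmatched glob is returned literally; skip that, and skip any
        # site whose chroot has no lib directory yet.
        [ -d "$lib" ] || continue
        printf '%s %s\n' "$lib" "$perm"
    done
}

# Build a scratch tree shaped like Ensim's layout (constructed sample data,
# not a real Ensim install), so the generator can be exercised offline.
make_demo_tree() {
    base="$1"
    mkdir -p "$base/site1/fst/lib/security" \
             "$base/site2/fst/lib/security" \
             "$base/site3/fst"      # site3: no lib directory, must be skipped
}

# Demo run: prints two object lines (site1 and site2) and cleans up.
demo=$(mktemp -d)
make_demo_tree "$demo"
gen_site_rules "$demo"
rm -rf "$demo"
```

Paste the generated lines into the subject block that needs them (the `/ {` ... `}` block from ryan's example) and reload gradm; because the listing is taken at generation time, a site created afterwards gets no rule until the script is run again.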

PostPosted: Sun Nov 24, 2002 5:50 pm
by spender
As for the system-wide learning, it's going to be developed when we support nested ACLs.

-Brad