problems in stage 2 with gradm
Posted: Sun Jul 07, 2013 4:44 pmMy distribution provides its own version of gradm, which I am trying to make use of, and its version is called gradm2. The command for it is at "/sbin/gradm2", and using it with only the "-h" options shows the same set of options as described online. However,
when I run this command if fails: gradm -F -L /etc/grsec/learning.logs
And the message is this: Could not open /dev/grsec2.
I looked for that file too, but it is not there. I do see this one, /dev/grsec, which I am inclined to think was put there when I compiled the patched kernel. Since the Debian distro uses gradm2, it would appear that it expects to find /dev/grsec2 as well, naturally. My first inclination is to just rename grsec to grsec2 and run with it, but I am not sure that is the best way to proceed here. Also, I am not sure whether other such renaming issues should now be made?
Any ideas would be welcome about this issue?
I should point out another issue that has arisen as a result of installing the Debian version of gradm2. In the procedure here for compiling gradm, the steps included a point where a password was to be created. Specifically,
"Finally, and most importantly, you will be asked to provide the administrative password for the RBAC system. Choose a long password, but one that you will remember (especially if you start gradm from an initscript). Do not use the same password as your root password."
Since my installation of the Debian version did not include creating a password, I now would need to make one. Not having one generated automatically ends up creating another issue in the enablement process, and one needs to be made manually to get started. I think this point should be highlighted in the instructions for future reference to help others save time.
Thanks.
when I run this command if fails: gradm -F -L /etc/grsec/learning.logs
And the message is this: Could not open /dev/grsec2.
I looked for that file too, but it is not there. I do see this one, /dev/grsec, which I am inclined to think was put there when I compiled the patched kernel. Since the Debian distro uses gradm2, it would appear that it expects to find /dev/grsec2 as well, naturally. My first inclination is to just rename grsec to grsec2 and run with it, but I am not sure that is the best way to proceed here. Also, I am not sure whether other such renaming issues should now be made?
Any ideas would be welcome about this issue?
I should point out another issue that has arisen as a result of installing the Debian version of gradm2. In the procedure here for compiling gradm, the steps included a point where a password was to be created. Specifically,
"Finally, and most importantly, you will be asked to provide the administrative password for the RBAC system. Choose a long password, but one that you will remember (especially if you start gradm from an initscript). Do not use the same password as your root password."
Since my installation of the Debian version did not include creating a password, I now would need to make one. Not having one generated automatically ends up creating another issue in the enablement process, and one needs to be made manually to get started. I think this point should be highlighted in the instructions for future reference to help others save time.
Thanks.
So, since it was pretty much near the beginning of getting set up anyway, I decided to reinstall the whole shebang. That's done. Now I get to redo the patch thing and pick up where I left off. I don't know if there is anything I can do especially differently to avoid breaking it again, but I was wondering about a different approach. Two questions come to mind. First, I suppose there is no harm in preferring to make use of the very most recent kernel available for which you have made a patch rather than picking an arbitrary one? Secondly, I could be way wrong about this idea, but it seems to me that there are good arguments for preferring to apply the patched kernel "in the beginning" of a system configuration instead of waiting until a number of major programs (e.g., VirtualBox) has been installed. I say this because I am under the impression that during the installation of some, if not many, programs, the installation and configuration would actually depend on what is allowed by the kernel itself. Therefore, getting the kernel set up for the most part would be a good thing to have in place before trying to install programs. Otherwise, I end up with having to fix or reinstall programs after modifying the kernel. One thing is certainly clear, I am better off compiling gradm instead of using the repo's version despite the instruction to the contrary.