grsecurity forums

by **ameen** » Sun Apr 13, 2003 1:28 am

the sysctl option execve_limiting does not work with grsecurity 1.9.9e

gives the following error:
error: 'kernel.grsecurity.execve_limiting' is an unknown key

I would like to fix this as i dont wan it enabld cause it floods my logs.

by **spender** » Sun Apr 13, 2003 12:43 pm

could you paste the logs that you are being flooded with?

-Brad

by **ameen** » Sun Apr 13, 2003 1:18 pm

One box:

rsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:2526) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:8611) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 208.61.180.223: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:3459) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:16107) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:17373) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:23283) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:31302) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)

Another box:
grsec: From 152.163.189.198: attempted resource overstep by requesting 763908096 for RLIMIT_AS against limit 145338026 by (httpd:18299) UID(99) EUID(99), parent (httpd:23442) UID(99) EUID(99)
grsec: From 152.163.189.198: attempted resource overstep by requesting 763908096 for RLIMIT_AS against limit 145338026 by (httpd:18299) UID(99) EUID(99), parent (httpd:23442) UID(99) EUID(99)
grsec: From 152.163.188.164: attempted resource overstep by requesting 762568704 for RLIMIT_AS against limit 145338026 by (httpd:32602) UID(99) EUID(99), parent (httpd:20792) UID(99) EUID(99)
grsec: From 152.163.188.164: attempted resource overstep by requesting 762568704 for RLIMIT_AS against limit 145338026 by (httpd:32602) UID(99) EUID(99), parent (httpd:20792) UID(99) EUID(99)
grsec: From 152.163.188.68: attempted resource overstep by requesting 762564608 for RLIMIT_AS against limit 145338026 by (httpd:12515) UID(99) EUID(99), parent (httpd:25242) UID(99) EUID(99)
grsec: From 152.163.188.68: attempted resource overstep by requesting 762564608 for RLIMIT_AS against limit 145338026 by (httpd:12515) UID(99) EUID(99), parent (httpd:25242) UID(99) EUID(99)
grsec: From 152.163.189.230: attempted resource overstep by requesting 762568704 for RLIMIT_AS against limit 145338026 by (httpd:463) UID(99) EUID(99), parent (httpd:19496) UID(99) EUID(99)
grsec: From 152.163.189.230: attempted resource overstep by requesti

by **spender** » Sun Apr 13, 2003 2:01 pm

That's the resource logging, which can be turned off in the Kernel Auditing section of the config.

The logs suggest that there are some bugs in your applications though. Normal program operation should not cause such alerts.

-Brad

by **ameen** » Sun Apr 13, 2003 4:15 pm

so this is not adjustable thru sysctl? I dont see any sysctl optiin for resource logging

grsecurity forums

RLIMIT and sysctl

RLIMIT and sysctl