grsecurity forums


https://forums.grsecurity.net./

RLIMIT and sysctl

https://forums.grsecurity.net./viewtopic.php?f=3&t=383

Page 1 of 1

RLIMIT and sysctl

PostPosted: Sun Apr 13, 2003 1:28 am
by ameen
the sysctl option execve_limiting does not work with grsecurity 1.9.9e

gives the following error:
error: 'kernel.grsecurity.execve_limiting' is an unknown key

I would like to fix this as i dont wan it enabld cause it floods my logs.

PostPosted: Sun Apr 13, 2003 12:43 pm
by spender
could you paste the logs that you are being flooded with?

-Brad

PostPosted: Sun Apr 13, 2003 1:18 pm
by ameen
One box:

rsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:2526) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:8611) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 208.61.180.223: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:3459) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:16107) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:17373) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:23283) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:31302) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)



Another box:
grsec: From 152.163.189.198: attempted resource overstep by requesting 763908096 for RLIMIT_AS against limit 145338026 by (httpd:18299) UID(99) EUID(99), parent (httpd:23442) UID(99) EUID(99)
grsec: From 152.163.189.198: attempted resource overstep by requesting 763908096 for RLIMIT_AS against limit 145338026 by (httpd:18299) UID(99) EUID(99), parent (httpd:23442) UID(99) EUID(99)
grsec: From 152.163.188.164: attempted resource overstep by requesting 762568704 for RLIMIT_AS against limit 145338026 by (httpd:32602) UID(99) EUID(99), parent (httpd:20792) UID(99) EUID(99)
grsec: From 152.163.188.164: attempted resource overstep by requesting 762568704 for RLIMIT_AS against limit 145338026 by (httpd:32602) UID(99) EUID(99), parent (httpd:20792) UID(99) EUID(99)
grsec: From 152.163.188.68: attempted resource overstep by requesting 762564608 for RLIMIT_AS against limit 145338026 by (httpd:12515) UID(99) EUID(99), parent (httpd:25242) UID(99) EUID(99)
grsec: From 152.163.188.68: attempted resource overstep by requesting 762564608 for RLIMIT_AS against limit 145338026 by (httpd:12515) UID(99) EUID(99), parent (httpd:25242) UID(99) EUID(99)
grsec: From 152.163.189.230: attempted resource overstep by requesting 762568704 for RLIMIT_AS against limit 145338026 by (httpd:463) UID(99) EUID(99), parent (httpd:19496) UID(99) EUID(99)
grsec: From 152.163.189.230: attempted resource overstep by requesti

PostPosted: Sun Apr 13, 2003 2:01 pm
by spender
That's the resource logging, which can be turned off in the Kernel Auditing section of the config.

The logs suggest that there are some bugs in your applications though. Normal program operation should not cause such alerts.

-Brad

PostPosted: Sun Apr 13, 2003 4:15 pm
by ameen
so this is not adjustable thru sysctl? I dont see any sysctl optiin for resource logging
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/