weird behaviour
Posted: Wed Apr 10, 2002 12:37 am
Hi i've just installed the patch and gradm. I'm getting weird behaviour from gradm though.
For starters if I hide /etc/shadow and then enable gr-sec - it isn't hidden. Also, If I type the wrong password when enabling (-E) gr-sec it still enables.
Should I include my acl's here?
Oh well, here they are.
Thanks
TheFinn
file.acl:
/ rwx
/etc/rc.d rx
/etc/passwd ar
/etc/shadow hwr
/var/log/wtmp rw
/var/log ar
/var/log/httpd wr
/tmp rw
/etc/grsec hr
/boot r
/lib rx
/usr rx
/usr/src hrwx
/etc/lilo.conf r
/bin rx
/sbin rx
proc.acl:
/bin/su {
/ rwx
/etc/shadow ro
}
/bin/login {
/etc/shadow ro
/var/log/lastlog rwo
}
/etc/rc.d/init.d/halt vk {
/ rwx
+CAP_SYS_ADMIN
+CAP_SYS_RAWIO
+CAP_NET_ADMIN
}
/etc/rc.d/rc vk {
/ rwx
+CAP_SYS_ADMIN
+CAP_NET_ADMIN
}
/usr/sbin/xinetd {
/ rwx
+CAP_NET_BIND_SERVICE
}
For starters if I hide /etc/shadow and then enable gr-sec - it isn't hidden. Also, If I type the wrong password when enabling (-E) gr-sec it still enables.
Should I include my acl's here?
Oh well, here they are.
Thanks
TheFinn
file.acl:
/ rwx
/etc/rc.d rx
/etc/passwd ar
/etc/shadow hwr
/var/log/wtmp rw
/var/log ar
/var/log/httpd wr
/tmp rw
/etc/grsec hr
/boot r
/lib rx
/usr rx
/usr/src hrwx
/etc/lilo.conf r
/bin rx
/sbin rx
proc.acl:
/bin/su {
/ rwx
/etc/shadow ro
}
/bin/login {
/etc/shadow ro
/var/log/lastlog rwo
}
/etc/rc.d/init.d/halt vk {
/ rwx
+CAP_SYS_ADMIN
+CAP_SYS_RAWIO
+CAP_NET_ADMIN
}
/etc/rc.d/rc vk {
/ rwx
+CAP_SYS_ADMIN
+CAP_NET_ADMIN
}
/usr/sbin/xinetd {
/ rwx
+CAP_NET_BIND_SERVICE
}