grsecurity forums


https://forums.grsecurity.net./

jgroups & multicast

https://forums.grsecurity.net./viewtopic.php?f=3&t=4055

Page 1 of 1

jgroups & multicast

PostPosted: Tue Sep 30, 2014 8:43 am
by Stephane
Hi Brad,

I'm experiencing an issue using java jgroups v3.3.5 (RBAC is disabled for now on these hosts) but the kernel is patched (mprotect is disabled for java). My nodes cannot see each others using a multicast ip without any relevant logs. (With the same kernel config without the patch, it works perfectly...).
I've tried to turn off kernel.grsecurity.ip_blackhole but it doesn't change the behavior... any advice is welcome :)
Thanks

Re: jgroups & multicast

PostPosted: Tue Oct 07, 2014 7:41 am
by Stephane
Hi all,

For testing purposes, I've turn off everything with sysctl :

kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_deny_chroot = 0
kernel.grsecurity.chroot_deny_fchdir = 0
kernel.grsecurity.chroot_deny_mknod = 0
kernel.grsecurity.chroot_deny_pivot = 0
kernel.grsecurity.chroot_deny_shmat = 0
kernel.grsecurity.chroot_deny_sysctl = 0
kernel.grsecurity.chroot_deny_unix = 0
kernel.grsecurity.chroot_enforce_chdir = 0
kernel.grsecurity.chroot_findtask = 0
kernel.grsecurity.chroot_restrict_nice = 0
kernel.grsecurity.consistent_setxid = 0
kernel.grsecurity.deter_bruteforce = 0
kernel.grsecurity.dmesg = 0
kernel.grsecurity.enforce_symlinksifowner = 0
kernel.grsecurity.fifo_restrictions = 0
kernel.grsecurity.grsec_lock = 0
kernel.grsecurity.harden_ipc = 0
kernel.grsecurity.harden_ptrace = 0
kernel.grsecurity.ip_blackhole = 0
kernel.grsecurity.lastack_retries = 4
kernel.grsecurity.linking_restrictions = 0
kernel.grsecurity.ptrace_readexec = 0
kernel.grsecurity.resource_logging = 0
kernel.grsecurity.rwxmap_logging = 0
kernel.grsecurity.signal_logging = 0
kernel.grsecurity.symlinkown_gid = 1006
kernel.grsecurity.timechange_logging = 0
kernel.grsecurity.tpe = 0
kernel.grsecurity.tpe_gid = 1005

and paxctl -pemrxs /usr/bin/java
and I still have the same problem, my jgroups nodes doesn't see each others using a multicast ip. If I try with the same kernel and same .config (of course without patching with grsec), it works !
I'll try to re-turn on kernel.grsecurity.*_logging and I see if I can find some interesting logs...

Re: jgroups & multicast

PostPosted: Tue Oct 07, 2014 9:24 am
by Stephane
Ok mea culpa, a simple configuration issue with jgroups (ipv4/ipv6), sorry guys for disturbing.
:oops:
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/