a deny while in full learn mode?
Posted: Sun Oct 26, 2014 4:22 pm
How weird ... a deny while in full learn mode?
I can read the file with other things (some Python I wrote, or uniq, or sort, etc.), but not gradm.
And I had to run "gradm -D" twice to disable it.
Code:
# sort -u learning.log > learning.log.uniq
# wc -l learning.log.uniq
4799481 learning.log.uniq
# gradm -F -L learning.log -O policy
Unable to open learning log: /etc/grsec/learning/learning.log.
Error: No such file or directory
# dmesg -T | tail
[Sun Oct 26 21:06:44 2014] grsec: (default:D:/sbin/gradm) denied access to hidden file /etc/grsec/learning/learning.log by /sbin/gradm[gradm:15533] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/strace[strace:15530] uid/euid:0/0 gid/egid:0/0
Code:
# gradm -D
Password:
# time gradm -F -L learning.log.uniq -O policy
Unable to open learning log: /etc/grsec/learning/learning.log.uniq.
Error: No such file or directory
# gradm -D
Password:
# gradm -D
The operation you requested cannot be performed because the RBAC system is currently disabled.
# time gradm -F -L learning.log.uniq -O policy
Beginning full learning 1st pass...done.
Beginning full learning role reduction...done.
[...]
Code:
[Sun Oct 26 21:06:25 2014] grsec: shutdown auth success for /sbin/gradm[gradm:15515] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14654] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:06:25 2014] grsec: (default:D:/sbin/gradm) grsecurity 3.0 RBAC system loaded by /sbin/gradm[gradm:15520] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/pm-grsec[pm-grsec:15518] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:06:30 2014] grsec: (default:D:/sbin/gradm) denied access to hidden file /etc/grsec/learning/learning.log.uniq by /sbin/gradm[gradm:15526] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14654] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:06:33 2014] grsec: (default:D:/sbin/gradm) denied access to hidden file /etc/grsec/learning/learning.log by /sbin/gradm[gradm:15527] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14654] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:06:39 2014] grsec: (default:D:/sbin/gradm) denied access to hidden file /etc/grsec/learning/learning.log by /sbin/gradm[gradm:15528] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14654] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:06:44 2014] grsec: (default:D:/sbin/gradm) denied access to hidden file /etc/grsec/learning/learning.log by /sbin/gradm[gradm:15533] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/strace[strace:15530] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:08:24 2014] grsec: shutdown auth success for /sbin/gradm[gradm:15574] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14654] uid/euid:0/0 gid/egid:0/0
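An added example, not part of the original post or of grsecurity's own tooling: a Python script that replays grsec kernel log lines of the three kinds shown above and records whether RBAC was on after each event, so every denial can be matched to the load that preceded it. The function names are hypothetical, and the sample lines are copied from the log in the post.

```python
import re

# Kernel log lines copied from the post above (dmesg -T format).
SAMPLE = """\
[Sun Oct 26 21:06:25 2014] grsec: shutdown auth success for /sbin/gradm[gradm:15515] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14654] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:06:25 2014] grsec: (default:D:/sbin/gradm) grsecurity 3.0 RBAC system loaded by /sbin/gradm[gradm:15520] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/pm-grsec[pm-grsec:15518] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:06:30 2014] grsec: (default:D:/sbin/gradm) denied access to hidden file /etc/grsec/learning/learning.log.uniq by /sbin/gradm[gradm:15526] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14654] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:06:44 2014] grsec: (default:D:/sbin/gradm) denied access to hidden file /etc/grsec/learning/learning.log by /sbin/gradm[gradm:15533] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/strace[strace:15530] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:08:24 2014] grsec: shutdown auth success for /sbin/gradm[gradm:15574] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14654] uid/euid:0/0 gid/egid:0/0
"""

# "[timestamp] grsec: (optional parenthesised prefix) message"
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] grsec: (?:\([^)]*\) )?(?P<msg>.+)$")
# Acting process and its parent: "by|for <exe>[<comm>:<pid>] ... parent <exe>["
PROC = re.compile(r"(?:by|for) (?P<exe>\S+)\[[^:\]]+:(?P<pid>\d+)\].*?parent (?P<parent>\S+)\[")
HIDDEN = re.compile(r"denied access to hidden file (?P<path>\S+) by ")

def timeline(text):
    """Return one dict per grsec line with the RBAC state after that event."""
    enabled = None  # unknown until the first load or shutdown message
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        proc, hid = PROC.search(msg), HIDDEN.search(msg)
        kind = "deny" if hid else "other"
        if msg.startswith("shutdown auth success"):
            kind, enabled = "disable", False
        elif "RBAC system loaded" in msg:
            kind, enabled = "load", True
        events.append({
            "ts": m.group("ts"), "kind": kind, "rbac_enabled": enabled,
            "path": hid.group("path") if hid else None,
            "pid": int(proc.group("pid")) if proc else None,
            "parent": proc.group("parent") if proc else None,
        })
    return events

def reloads_after_disable(events):
    """Loads that directly follow a disable, with the parent that ran gradm."""
    return [b for a, b in zip(events, events[1:])
            if a["kind"] == "disable" and b["kind"] == "load"]

if __name__ == "__main__":
    print(reloads_after_disable(timeline(SAMPLE)))
```

Run against the full `dmesg -T` output, `reloads_after_disable` lists each load that came straight after a successful shutdown, together with the parent process that invoked gradm.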