RBAC Learning Issue?
Posted: Sun Dec 07, 2014 5:08 pm
I've had full system learning enabled on my system for the last week. I've made sure I sent a few emails from my webmail client.
Today I completed the policy generation from the full logs and turned it on to test with.
When I tried to send a mail via my webmail client, it didn't work. I got the following RBAC message:
Code:
grsec: (root:U:/usr/lib/postfix/smtpd) denied socket(inet,stream,ip) by /usr/lib/postfix/smtpd[smtpd:21728] uid/euid:0/0 gid/egid:0/0, parent /usr/lib/postfix/master[master:5872] uid/euid:0/0 gid/egid:0/0
This struck me as odd, because I'd made sure I did a lot of learning of sending mail. No worries, I stuck the following in my policy file:
Code:
# Role: root
subject /usr/lib/postfix/smtpd ol {
I ran gradm -E -L /tmp/pf.log
And now I can send mail. I sent a few and checked the pf.log file. It's 0 bytes, it's empty. So I can't learn from it.
I realise I can fix this manually, but I am now worried - are there going to be a lot of other things I haven't learnt?
It seems GRSEC isn't learning this? Am I doing something wrong?
I am using the version of grsecurity available for 3.17.4 on the 27th November, and gradm-3.0-201408301734.tar.gz
Tim
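
Added example, not part of the original post and not grsecurity or gradm code: one way to see which role/subject pairs are still being denied after enabling a learned policy is to group the kernel's "denied" lines by role and subject. The pattern assumes other denials share the layout of the one line quoted in the post; every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Layout taken from the single denial line quoted in the post. Assumption:
# other denials follow the same "(role:type:subject) denied <op> by path[comm:pid]" shape.
DENIAL = re.compile(
    r"grsec: \((?P<role>[^:]+):(?P<rtype>[^:]+):(?P<subject>[^)]+)\) "
    r"denied (?P<op>.+?) by (?P<path>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+)"
)

# First line is the one from the post; the rest are constructed for the example.
SAMPLE_LOG = """\
grsec: (root:U:/usr/lib/postfix/smtpd) denied socket(inet,stream,ip) by /usr/lib/postfix/smtpd[smtpd:21728] uid/euid:0/0 gid/egid:0/0, parent /usr/lib/postfix/master[master:5872] uid/euid:0/0 gid/egid:0/0
grsec: (root:U:/usr/lib/postfix/smtpd) denied socket(inet,stream,ip) by /usr/lib/postfix/smtpd[smtpd:21801] uid/euid:0/0 gid/egid:0/0, parent /usr/lib/postfix/master[master:5872] uid/euid:0/0 gid/egid:0/0
grsec: (root:U:/usr/lib/postfix/smtpd) denied socket(inet,dgram,ip) by /usr/lib/postfix/smtpd[smtpd:21802] uid/euid:0/0 gid/egid:0/0, parent /usr/lib/postfix/master[master:5872] uid/euid:0/0 gid/egid:0/0
grsec: (root:U:/usr/lib/postfix/master) denied socket(inet,stream,ip) by /usr/lib/postfix/master[master:5872] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
eth0: link up (unrelated kernel message, constructed)
"""


def summarize_denials(text):
    """Map (role, subject) -> sorted list of distinct denied operations."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = DENIAL.search(line)  # first match is the denied process, not its parent
        if m:
            seen[(m["role"], m["subject"])].add(m["op"])
    return {key: sorted(ops) for key, ops in seen.items()}


if __name__ == "__main__":
    for (role, subject), ops in summarize_denials(SAMPLE_LOG).items():
        print(f"role {role}, subject {subject}:")
        for op in ops:
            print(f"  denied {op}")
```

Each subject that shows up in the summary is a candidate for another learning pass or a manual rule; repeated denials of the same operation collapse to one entry.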