Newbie needs your help...

Postby ummajera » Tue Jun 03, 2003 7:14 pm

Hi all,

I'm using the latest stable release of grsecurity (1.9.9h I believe). I've set up my ACLs real tight, but now I have a major problem.

grsec: denied open of /var/log/syslog for reading by (cat:29869) UID(0) EUID(0), parent (logcheck:3773) UID(0) EUID(0)

grsec: denied open of /var/log/auth.log for reading by (cat:32525) UID(0) EUID(0), parent (logcheck:7570) UID(0) EUID(0)

grsec: denied unlink of /var/lib/logcheck/cleaned/logcheck.cracking by (rm:2007) UID(0) EUID(0), parent (logcheck:30631) UID(0) EUID(0)

Now, logcheck is a script that has access to all of these files. But it runs other processes to actually get any information from them. I do not wish to open /var/log for reading to root nor would I like root to get /var/lib/logcheck rw. Is there any way around this? Or do I need to run my logging on another machine...

Thanks,
Adam
ummajera
 
Posts: 4
Joined: Tue Jun 03, 2003 7:09 pm

Inherit

Postby goodbyte » Wed Jun 04, 2003 2:04 am

You should try the inherit flags. Something along the lines of:

Code:
/usr/bin/logcheck {
    /var/log r
    /var/lib/logcheck rw
    /bin/cat xi
}


Which will make cat inherit the ACL when executed from within logcheck. (There is a better explanation in the documentation.) Note that root can execute logcheck which will modify the files, even though root can't modify the files directly. This may/may not be an issue depending on the structure of logcheck (how it parses command line arguments etc.).
goodbyte
 
Posts: 32
Joined: Sun May 12, 2002 4:33 am
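
Added example, not part of the original thread and not grsecurity's own tooling: a small Python script that groups denial lines like the ones in the first post by parent process, so you can see which helper binaries a script spawns and which paths they touched before deciding what to inherit. The mapping from logged operation to mode letter is an assumption made for this sketch, and paths containing spaces are not handled.

```python
import re
from collections import defaultdict

# Matches the denial format quoted in the first post. The "for <access>"
# part is optional: the unlink line does not carry one.
DENIED = re.compile(
    r"grsec: denied (?P<op>\w+) of (?P<path>\S+)"
    r"(?: for (?P<access>\w+))? by \((?P<child>[^:()]+):\d+\)"
    r".*?parent \((?P<parent>[^:()]+):\d+\)"
)

# Assumption for this sketch: how a logged access/operation maps to a mode letter.
MODE = {"reading": "r", "writing": "w", "unlink": "w"}


def summarize(lines):
    """Group denials by parent: which children were denied, on which paths."""
    out = defaultdict(lambda: {"children": set(), "paths": defaultdict(set)})
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # not a denial in this format
        key = m["access"] or m["op"]  # "reading" if present, else e.g. "unlink"
        entry = out[m["parent"]]
        entry["children"].add(m["child"])
        entry["paths"][m["path"]].add(MODE.get(key, "?"))
    return out


# The three denial lines from the first post in this thread.
SAMPLE = [
    "grsec: denied open of /var/log/syslog for reading by (cat:29869) "
    "UID(0) EUID(0), parent (logcheck:3773) UID(0) EUID(0)",
    "grsec: denied open of /var/log/auth.log for reading by (cat:32525) "
    "UID(0) EUID(0), parent (logcheck:7570) UID(0) EUID(0)",
    "grsec: denied unlink of /var/lib/logcheck/cleaned/logcheck.cracking by "
    "(rm:2007) UID(0) EUID(0), parent (logcheck:30631) UID(0) EUID(0)",
]

if __name__ == "__main__":
    for parent, info in summarize(SAMPLE).items():
        print(f"{parent}: denied children = {sorted(info['children'])}")
        for path, modes in sorted(info["paths"].items()):
            print(f"    {path} {''.join(sorted(modes))}")
```

On the lines from the first post this reports both cat and rm as children of logcheck, so each helper the script runs is visible in one place.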

Thanks...

Postby ummajera » Thu Jun 05, 2003 11:40 pm

Yes, that did it. Thanks! :D
ummajera
 
Posts: 4
Joined: Tue Jun 03, 2003 7:09 pm

