grsecurity forums

Hello!
I had the grsec tool running in learning mode for 10secs, then i stopped it to see how much it learned in 10secs.

Now i had the learning mode on for about 24h, and a "/sbin/gradm -L -O acl.new" is running for at least 2 hours now.
grad is using 98% CPU and a tail -f acl.new does just show me a emty file.

is this normal?

Cheers, Spiekey

Are you using grsecurity 1.9.x or 2.0?

2.0 is quite a bit faster with learning, but still with a 12MB learning log or so will take a good 10 minutes. It only writes out the file at the very end, so yes it would be normal for there to be nothing in the file yet.

-Brad

i am using 1.9.x
I let it run for 4 hours now, on a p3 800MHz box. I just killed it.
The new.acl file was created, but it is empty.

Whats going on here?

How large was your logfile?

-Brad

do you mean the acl.new file or a diffrent log file?
It did not print any logs into /var/log/messages

This is my acl config

Code: Select all


/ {
        /               r
        /opt            rx
        /home           rx
        /mnt            rw
        /dev
        /dev/hdc?       rw
        /dev/urandom    r
        /dev/random     r
        /dev/zero       rw
        /dev/input      rw
        /dev/psaux      rw
        /dev/null       rw
        /dev/tty?       rw
        /dev/console    rw
        /dev/tty        rw
        /dev/ttyp?      rw
        /dev/pts        rw
        /dev/ptmx       rw
        /dev/dsp        rw
        /dev/mixer      h
        /dev/fd0        h
        #/dev/cdrom     h
        /dev/mem        h
        /dev/kmem       h
        /dev/port       h
        /bin            rx
        /sbin           rx
        /lib            rx
        /usr            rx
        /etc            rx
        /etc/ssh        h
        /proc           rwx
        /proc/kcore     h
        /proc/sys       r
        /root           r
        /tmp            rw
        /var            rwx
        /var/tmp        rw
        /var/log        r
        #/boot          h
        /etc/grsec      h
        /var/log/localrsync w
        -CAP_SYS_TTY_CONFIG
        -CAP_LINUX_IMMUTABLE
        -CAP_NET_RAW
        -CAP_MKNOD
        -CAP_SYS_ADMIN
        -CAP_SYS_RAWIO
        -CAP_SYS_MODULE
        -CAP_SYS_PTRACE
        -CAP_NET_ADMIN
        -CAP_NET_BIND_SERVICE
        -CAP_SYS_CHROOT
}

/usr/sbin/httpd lo {

/ h
-CAP_ALL
RES_FSIZE 0 0
RES_DATA 0 0
RES_RSS 0 0
RES_NOFILE 0 0
RES_MEMLOCK 0 0
RES_STACK 0 0
RES_AS 0 0
RES_NPROC 0 0
RES_LOCKS 0 0

connect {
        disabled
        }

bind    {
        disabled
        }

}


And I started it with gradm -E.
Did i do anything wrong?

Cheers, Spiekey