Where does GRSecurity keep its ACLs?
Posted: Wed Jan 07, 2004 5:41 pm
Hi,
I've been reading my newly purchased book (Hacking Linux Exposed, Second Edition, very nice for the clueless n00b like me who wants to help keep crackers at bay). Under a section entitled "Proactive security measures", both LIDS and GrSecurity are mentioned. The author spends a great amount of time on LIDS, and only mentions GRSecurity briefly, as much of the ground of ACLs was already covered in the LIDS section.
Anyway, to the point. The author mentions that GrSecurity has ACLs like LIDS does, and to me, GRSecurity seems more 'complete'. But... the big but, the book also says "Unlike LIDS ACLs, which are all generated by successive executions of the lidsadm command [...] grsecurity keeps all of its ACLs in files that are easy to read and manipulate." From what I understand, this means that a hacker may be able to get access to the ACL files and find out what restrictions are in place.
The book is a little out of date; I was wondering if this was still the case, or if the statement is even accurate.
Thanks in advance for your time.
-Ribs.
PS. Waiting for a patch for 2.6.0 kernel