Page 1 of 1

Full learning mode on a production system?

PostPosted: Sun Apr 18, 2004 9:30 pm
by schiffi
Hi!

I upgraded to grsec 2.0 on a production system and wanted to use the full learning mode (-F) but that seems to prevent my system from working... I was not using the ACL system in 1.9.xx (only the chroot restrictions and PaX) but want to give it a try with the new full learning mode now.

what i did:

- put shipped acl file into /etc/grsec
- #> gradm -F -L /etc/grsec/learning-logs

result: system does not respond anymore. I am logged in via ssh ... seems that the connection is cut off.
then I tried to comment out all subjects and add the (l)earn flag to the admin and the default role. Same result.

So my question is:
Does the full learning mode force any ACLs to be enabled so my ssh connection gets cut off immediately? apache does not answer anymore on the net, too when I try to use gradm -F

any hints?

-Marc