grsecurity forums

Posted: **Fri Apr 23, 2004 8:59 am**

Hi Guys!

I'm fiddling around with grsecurity (have been running LIDS/SELinux/RSBAC before). But I can't get the learning mode to work. This is what I have done.
First the default "acl"
The added this at the bottom of the file

Code: Select all: subject /bin/ping lo { / h -CAP_ALL }

Then:

Code: Select all: # gradm -E # ping ... # ping ... # ping ... # gradm -D # gradm -L -O /etc/grsec/acl

But it's not working.
I have tested the full learning mode and that works.
Am I missing somthing here?
[/code]

Posted: **Fri Apr 23, 2004 10:14 am**

You did it wrog. You have to do:

#gradm -L /root/ping-learn.log -E
# ping ...
# ping ...
# ping ...
# gradm -D
# gradm -L -O /root/ping-acl

then you'll have the ping's ACL in /root/ping-acl. You can then check the new ACL and put them in /etc/grsec/acl

Claudio

Posted: **Sun Apr 25, 2004 3:31 pm**

After doing gradm -L /root/ping-learn.log -E
The file /root/ping-learn.log is zero bytes. :-?

Posted: **Mon Apr 26, 2004 9:44 am**

I used:

subject /bin/ping lo {
/ h
-CAP_ALL
bind disabled
connect disabled
}

And it worked here...

grsecurity forums

grsecurity2 learning mode.

grsecurity2 learning mode.