grsecurity forums


https://forums.grsecurity.net./

Issues in"Kernel Auditing" at 2.4.27 + grsecurity-

https://forums.grsecurity.net./viewtopic.php?f=3&t=915

Page 1 of 1

Issues in"Kernel Auditing" at 2.4.27 + grsecurity-

PostPosted: Thu Aug 19, 2004 7:21 am
by Stev
Hi,

i'm trying to enable Kernel Auditing at two i586 Boxen running
linux-2.4.27 + grsecurity-2.0.1-2.4.27.
I enabled everything important for me, problem is that nothing is
getting logged. It makes no difference if i nail it on a special GID or
if i set it to globally logging.

The Distros used are once Debian 3.0, the other Box is SuSE 9.0

The interresting parts of my kernel .config looks like this:
(i use same .config on both boxen)

#
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
CONFIG_GRKERNSEC_EXECLOG=y
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
CONFIG_GRKERNSEC_AUDIT_CHDIR=y
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
(If you need any more Information please let me know)

Can anyone confirm this problem and/or has a workaround/patch
so i t finally works ? :)

Regards,
Stev

PostPosted: Thu Aug 19, 2004 8:37 am
by torne
If you have sysctl support enabled for grsecurity, then all non-PaX options are off by default until enabled in /proc/sys/kernel/grsecurity, including the auditing options.

PostPosted: Thu Aug 19, 2004 8:59 am
by Stev
torne wrote:If you have sysctl support enabled for grsecurity, then all non-PaX options are off by default until enabled in /proc/sys/kernel/grsecurity, including the auditing options.


Oh, a quick "sysctl -w kernel/grsecurity/exec_logging=1" fixed it indeed.
Thanks alot for the fast response! :-)

Regards,
Stefv
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/