Grsecurity works like a charm, only one nagging message
Posted:
Wed Oct 13, 2004 2:50 pm
by Jophn Deo
Grsecurity works like a charm on Debian Sarge, very easy to install. I have only one nagging message I would like to get rid of.
Use of CAP_SYS_ADMIN denied for /sbin/klogd [klogd: 22100]
parent of /sbin/init.
Posted:
Fri Oct 15, 2004 1:52 pm
by Jophn Deo
Solved.
Posted:
Thu Dec 09, 2004 11:11 am
by reedbeat
Would be nice if you could post your solution for this.
Got the same error pointing to klogd after finishing full learning mode.
Code:
gradm -E
Code:
grsec: (default:D:/) use of CAP_SYS_ADMIN denied for /sbin/klogd [klogd:3055] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: more alerts, logging disabled for 10 seconds
Tried to add /sbin/klogd x to /etc/grsec/acl, nothing happened:
Code:
subject /sbin/klogd o {
    / h
    /sbin/klogd x
    -CAP_ALL
    +CAP_SYS_ADMIN
    bind disabled
    connect disabled
}
Code:
gradm -a admin
Passwort:
gradm -R
Debian Sarge, Kernel 2.6.7, Gradm 2.01
Posted:
Thu Dec 09, 2004 11:49 am
by spender
the policy file is /etc/grsec/policy, no longer /etc/grsec/acl.
-Brad
Posted:
Mon Dec 13, 2004 4:36 pm
by Hue-Bond
>grsec: (default:D:/) use of CAP_SYS_ADMIN denied for /sbin/klogd
>[klogd:3055] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0
>gid/egid:0/0
>grsec: more alerts, logging disabled for 10 seconds
>
>Tried to add /sbin/klogd x to /etc/grsec/acl, nothing happened:
>
>subject /sbin/klogd o {
> / h
> /sbin/klogd x
> -CAP_ALL
> +CAP_SYS_ADMIN
> bind disabled
> connect disabled
>}
Note the "(default:D:/)" text that appears in the log message. That means that klogd is not executing under its subject, but under the default role, default subject. Perhaps you have to adjust something. Better use the learning system by appending an "l" (letter l, not number 1) to the "o" after the path of klogd.
(How does one use this stupid phpbb quoting system?).
Posted:
Mon Dec 13, 2004 5:00 pm
by spender
I already solved his problem. If he adds the subject to the correct file, /etc/grsec/policy, it will work as expected.
-Brad
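The "(default:D:/)" prefix discussed in this thread can be checked mechanically across a whole log. The following Python script is an added example, not part of the original thread or of grsecurity; it assumes the log layout of the line quoted above, treats "subject path equals executable path" as a simple heuristic, and the /usr/sbin/exampled line is constructed for contrast.

```python
import re
from collections import defaultdict

# Layout assumed from the log line quoted in the thread:
#   grsec: (role:roletype:subject) use of CAP_X denied for /path [comm:pid] ...
DENIAL = re.compile(
    r"grsec: \((?P<role>[^:]+):(?P<rtype>[^:]+):(?P<subject>[^)]+)\) "
    r"use of (?P<cap>CAP_\w+) denied for (?P<exe>\S+)\s*"
    r"\[(?P<comm>[^:\]]+):(?P<pid>\d+)\]"
)
SUPPRESSED = "grsec: more alerts, logging disabled"

def summarize(lines):
    """Group capability denials by executable and record the subject that applied."""
    report = defaultdict(lambda: {"caps": set(), "subjects": set()})
    suppressed = False
    for line in lines:
        if SUPPRESSED in line:
            suppressed = True  # rate limiting hid alerts, so results are a lower bound
            continue
        m = DENIAL.search(line)
        if m:
            entry = report[m["exe"]]
            entry["caps"].add(m["cap"])
            entry["subjects"].add((m["role"], m["subject"]))
    return dict(report), suppressed

def own_subject_applied(exe, entry):
    """True only if every denial for exe was logged under a subject named after exe."""
    return all(subject == exe for _, subject in entry["subjects"])

# First two lines are from the thread; the third is constructed for contrast.
SAMPLE = [
    "grsec: (default:D:/) use of CAP_SYS_ADMIN denied for /sbin/klogd [klogd:3055] "
    "uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0",
    "grsec: more alerts, logging disabled for 10 seconds",
    "grsec: (default:D:/usr/sbin/exampled) use of CAP_SYS_NICE denied for "
    "/usr/sbin/exampled [exampled:4001] uid/euid:0/0 gid/egid:0/0",
]

if __name__ == "__main__":
    report, suppressed = summarize(SAMPLE)
    for exe, entry in report.items():
        state = "own subject" if own_subject_applied(exe, entry) else "fallback subject"
        print(exe, sorted(entry["caps"]), sorted(entry["subjects"]), state)
    if suppressed:
        print("note: some alerts were suppressed by grsec rate limiting")
```

An executable reported as "fallback subject" is the case from this thread: the subject written for it is not the one being enforced, so check that it was added to the policy file gradm actually loads.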