Problems with learning mode


Post by niz » Mon Sep 09, 2002 6:43 am

The problem is that learning mode makes bad ACLs for my sshd.

Here is my learning log:

Sep 9 13:27:10 radiation kernel: grsec: LEARN:8450:55912:8:8::7
Sep 9 13:27:10 radiation kernel: grsec: LEARN:8450:55912:778528:778528::9
Sep 9 13:27:10 radiation kernel: grsec: LEARN:8450:55912:9192:9192::3
Sep 9 13:27:10 radiation kernel: grsec: LEARN:8450:55912:8450:67057:/etc/ld.so.cache:16
Sep 9 13:27:10 radiation kernel: grsec: LEARN:8450:55912:8450:67057:/etc/ld.so.cache:1
Sep 9 13:27:10 radiation kernel: grsec: LEARN:8450:55912:8450:67057:/etc/ld.so.cache:8
Sep 9 13:27:10 radiation kernel: grsec: LEARN:8450:55912:1925408:1925408::9
Sep 9 13:27:10 radiation kernel: grsec: LEARN:8450:55912:3088672:3088672::9
Sep 9 13:27:10 radiation kernel: grsec: LEARN:8450:55912:17384:17384::3
Sep 9 13:27:10 radiation kernel: grsec: LEARN:8450:55912:6:429:/dev/log:16
Sep 9 13:27:10 radiation kernel: grsec: LEARN:8450:55912:8450:941:/var/run:16
Sep 9 13:27:10 radiation kernel: grsec: LEARN:8450:55912:8450:10811:/var/run/sshd.pid:4
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:67057:/etc/ld.so.cache:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:67057:/etc/ld.so.cache:1
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:67057:/etc/ld.so.cache:8
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:67057:/etc/ld.so.cache:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:67057:/etc/ld.so.cache:1
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:67057:/etc/ld.so.cache:8
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:46704:46704::2
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:6:13:/dev/urandom:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:6:13:/dev/urandom:1
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:2005:/etc/ssh/sshd_config:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:2005:/etc/ssh/sshd_config:1
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:53983:/etc/resolv.conf:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:53983:/etc/resolv.conf:1
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:10710:/etc/ssh/ssh_host_rsa_key:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:10710:/etc/ssh/ssh_host_rsa_key:1
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:10726:/etc/ssh/ssh_host_dsa_key:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:10726:/etc/ssh/ssh_host_dsa_key:1
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:930:/etc/nsswitch.conf:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:930:/etc/nsswitch.conf:1
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:67057:/etc/ld.so.cache:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:67057:/etc/ld.so.cache:1
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:67057:/etc/ld.so.cache:8
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:43794:/lib/libnss_compat-2.2.5.so:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:43794:/lib/libnss_compat-2.2.5.so:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:43794:/lib/libnss_compat-2.2.5.so:1
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:43794:/lib/libnss_compat-2.2.5.so:8
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:43794:/lib/libnss_compat-2.2.5.so:8
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:11839:/etc/passwd:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:11839:/etc/passwd:1
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:65187:/var/run/sshd:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:0:0::6
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:35:35::6
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:2:/:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:2:/:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:6:8:/dev/null:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:6:8:/dev/null:5
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:6:16:/dev/tty:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:6:16:/dev/tty:5
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:2:/:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:2:/:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:0.0.0.0:22:1:6:1
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:0:0::10
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:67184:67184::2
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:6:429:/dev/log:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:8450:941:/var/run:16
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:0:0:/var/run/sshd.pid:4
Sep 9 13:27:12 radiation kernel: grsec: LEARN:8450:55912:50006:50006::1
Sep 9 13:28:21 radiation kernel: grsec: LEARN:8450:16206:29:29::7

And here is the result:

/usr/sbin/sshd o {
    /lib/ld-linux.so.2 rx
    /lib/libcrypt.so.1 rx
    /lib/libc.so.6 rx
    /usr/lib/libcrypto.so.0.9.6 rx
    /lib/libnsl.so.1 rx
    /usr/lib/libz.so.1 rx
    /lib/libutil.so.1 rx
    /lib/libdl.so.2 rx
    /lib/libpam.so.0 rx
    /lib/libwrap.so.0 rx
    /usr/sbin/sshd x
    / h
    -CAP_ALL
    RES_FSIZE 0 0
    RES_DATA 0 0
    RES_STACK 0 0
    RES_RSS 0 0
    RES_NPROC 0 0
    RES_NOFILE 0 0
    RES_MEMLOCK 0 0
    RES_AS 0 0
    RES_LOCKS 0 0
    connect {
        disabled
    }
    bind {
        disabled
    }
}

Why are there only libs in the result?

Post by spender » Mon Sep 09, 2002 7:28 am

Update to the current CVS. My guess is that you're using 1.9.6. It's been fixed in the current CVS for a while now.

-Brad