mailing list down? (and an ACL problem)

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Post by convoi » Wed Feb 26, 2003 7:39 am

hi..
i tried several times yesterday to get access to the archive (yes.. i am subscribed to the mailing list). since it seemed that i forgot my password, i hit the "send me my password" button.. never got any mail.

then i tried to send a message to the list.
never got a copy from that message.


plus: i got a problem with learning mode:


i've created a very very basic acl set
then enabled gradm -E
it filled my log quite fast (several megabyte/minute)

nearly every line says
Feb 26 02:00:41 [kernel] grsec: LEARN:771:342834:0:0::21

but there are a few others:
Feb 26 01:59:26 [kernel] grsec: LEARN:771:342834:2304:703166:/var/log/kernel:16
Feb 26 01:59:26 [kernel] grsec: LEARN:771:342834:2304:703165:/var/log/kernel:65552

or
Feb 26 01:59:26 [kernel] grsec: LEARN:771:342834:201552:201552::1


when i run "gradm -L /var/log/grsecurity/current -O acl" (this is where my
logfile is located) it does nothing but remove the "l" from the subject
modes.

this should be grsecurity-1.9.9c with gradm-1.7b on my gentoo box

my learning mode acl:

/ l {
    / h
    -CAP_ALL
    RES_FSIZE 0 0
    RES_DATA 0 0
    RES_STACK 0 0
    RES_RSS 0 0
    RES_NPROC 0 0
    RES_NOFILE 0 0
    RES_MEMLOCK 0 0
    RES_AS 0 0
    RES_LOCKS 0 0

    connect {
        disabled
    }

    bind {
        disabled
    }
}

/usr/sbin/pure-ftpd lo {
    /usr/sbin/pure-ftpd x
    / h
    -CAP_ALL
    RES_FSIZE 0 0
    RES_DATA 0 0
    RES_STACK 0 0
    RES_RSS 0 0
    RES_NPROC 0 0
    RES_NOFILE 0 0
    RES_MEMLOCK 0 0
    RES_AS 0 0
    RES_LOCKS 0 0

    connect {
        disabled
    }

    bind {
        disabled
    }
}

/usr/sbin/metalog lo {
    /usr/sbin/metalog x
    / h
    -CAP_ALL
    RES_FSIZE 0 0
    RES_DATA 0 0
    RES_STACK 0 0
    RES_RSS 0 0
    RES_NPROC 0 0
    RES_NOFILE 0 0
    RES_MEMLOCK 0 0
    RES_AS 0 0
    RES_LOCKS 0 0

    connect {
        disabled
    }

    bind {
        disabled
    }
}

Post by spender » Wed Feb 26, 2003 7:18 pm

I don't think you're using the newest version of grsecurity. If you're using the version supplied with gentoo, it's been out of date for several months now, as they haven't bothered to update. The version they are using doesn't support msyslog/syslog-ng, which your log output shows me you are using. 1.9.9c has support for this, and learning mode will then work for it.

-Brad

Post by convoi » Tue Mar 04, 2003 4:14 pm

well i'm not using the gentoo kernel but wolk-v4.0s-rc1 which says it has
grsecurity v1.9.9c Final

i am also not using syslog-ng but metalog.

but still.. thanks, i guess i'll run without acls first and mess with them on my workstation

Post by spender » Tue Mar 04, 2003 4:31 pm

sorry i meant metalog, not msyslog.