RLIMIT and sysctl

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

RLIMIT and sysctl

Postby ameen » Sun Apr 13, 2003 1:28 am

the sysctl option execve_limiting does not work with grsecurity 1.9.9e

gives the following error:
error: 'kernel.grsecurity.execve_limiting' is an unknown key

I would like to fix this as i dont wan it enabld cause it floods my logs.
ameen
 
Posts: 10
Joined: Sat Oct 12, 2002 9:22 pm

Postby spender » Sun Apr 13, 2003 12:43 pm

could you paste the logs that you are being flooded with?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby ameen » Sun Apr 13, 2003 1:18 pm

One box:

rsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:2526) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:8611) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 208.61.180.223: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:3459) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:16107) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:17373) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:23283) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)
grsec: From 217.129.55.58: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by (ipop3d:31302) UID(0) EUID(0), parent (xinetd:6993) UID(0) EUID(0)



Another box:
grsec: From 152.163.189.198: attempted resource overstep by requesting 763908096 for RLIMIT_AS against limit 145338026 by (httpd:18299) UID(99) EUID(99), parent (httpd:23442) UID(99) EUID(99)
grsec: From 152.163.189.198: attempted resource overstep by requesting 763908096 for RLIMIT_AS against limit 145338026 by (httpd:18299) UID(99) EUID(99), parent (httpd:23442) UID(99) EUID(99)
grsec: From 152.163.188.164: attempted resource overstep by requesting 762568704 for RLIMIT_AS against limit 145338026 by (httpd:32602) UID(99) EUID(99), parent (httpd:20792) UID(99) EUID(99)
grsec: From 152.163.188.164: attempted resource overstep by requesting 762568704 for RLIMIT_AS against limit 145338026 by (httpd:32602) UID(99) EUID(99), parent (httpd:20792) UID(99) EUID(99)
grsec: From 152.163.188.68: attempted resource overstep by requesting 762564608 for RLIMIT_AS against limit 145338026 by (httpd:12515) UID(99) EUID(99), parent (httpd:25242) UID(99) EUID(99)
grsec: From 152.163.188.68: attempted resource overstep by requesting 762564608 for RLIMIT_AS against limit 145338026 by (httpd:12515) UID(99) EUID(99), parent (httpd:25242) UID(99) EUID(99)
grsec: From 152.163.189.230: attempted resource overstep by requesting 762568704 for RLIMIT_AS against limit 145338026 by (httpd:463) UID(99) EUID(99), parent (httpd:19496) UID(99) EUID(99)
grsec: From 152.163.189.230: attempted resource overstep by requesti
ameen
 
Posts: 10
Joined: Sat Oct 12, 2002 9:22 pm

Postby spender » Sun Apr 13, 2003 2:01 pm

That's the resource logging, which can be turned off in the Kernel Auditing section of the config.

The logs suggest that there are some bugs in your applications though. Normal program operation should not cause such alerts.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby ameen » Sun Apr 13, 2003 4:15 pm

so this is not adjustable thru sysctl? I dont see any sysctl optiin for resource logging
ameen
 
Posts: 10
Joined: Sat Oct 12, 2002 9:22 pm


Return to grsecurity support