First, thank you all for the great work on grsecurity!
... and now to my problem.
After installing grsecurity, reading the manual (RTFM) and doing some testing, I am now at a point where I am out of ideas.
I activated full learning mode for some days, analysed the result, and improved my ACL step by step.
But when I enable grsec, it causes problems.
The first big problem is that after enabling grsec I cannot connect to my dedicated server with ssh from outside.
peterpa@nbpeter:~> ssh root@81.3.x.x
Connection closed by 81.3.x.x
peterpa@nbpeter:~>
So I post my acl here:
# cat acl
#sample default process acl for grsecurity
# Role flags:
# A -> This role is an administrative role, thus it has special privilege normal
# roles do not have. In particular, this role bypasses the
# additional ptrace restrictions
# N -> Don't require authentication for this role. To access
# the role, use gradm -n <rolename>
# s -> This role is a special role, meaning it does not belong to a
# user or group, and does not fall under ACL enforcement
# u -> This role is a user role
# g -> This role is a group role
# G -> This role can use gradm to authenticate to the kernel
# An ACL for gradm will automatically be added to the role
# T -> Enable TPE for this role
# l -> Enable learning for this role
#
# a role can only be one of user, group, or special
#
# role_allow_ip IP/optional netmask
# eg: role_allow_ip 192.168.1.0/24
# You can have as many of these per role as you want
# They restrict the use of a role to a list of IPs. If a user
# is on the system that would normally get the role does not
# belong to those lists of IPs, the system falls back through
# its method of determining a role for the user
#
# Role hierarchy
# user -> group -> default
# First a user role attempts to match, if one is not found,
# a group role attempts to match, if one is not found,
# the default role is used.
#
# role_transitions <special role 1> <special role 2> ... <special role n>
# eg: role_transitions www_admin dns_admin
#
# role transitions specify which special roles a given role is allowed
# to authenticate to. This applies to special roles that do not
# require password authentication as well. If a user tries to
# authenticate to a role that is not within his transition table, he
# will receive a permission denied error
#
# Nested subjects
# subject /bin/su:/bin/bash:/bin/cat
# / rwx
# +CAP_ALL
# grant privilege to specific processes if they are executed
# within a trusted path. In this case, privilege is
# granted if /bin/cat is executed from /bin/bash, which is
# executed from /bin/su.
#
# Configuration inheritance on nested subjects
# nested subjects inherit rules from their parents. In the
# example above, the nested subject would inherit rules
# from the nested subject for /bin/su:/bin/bash,
# and the subject /bin/su
# View the 1.9.x documentation for more information on
# configuration inheritance
#
# new modes:
# m -> allow creation of setuid/setgid files/directories
# and modification of files/directories to be setuid/setgid
# M -> audit the setuid/setgid creation/modification
# c -> allow creation of the file/directory
# C -> audit the creation
# d -> allow deletion of the file/directory
# D -> audit the deletion
#
# New learning system:
# To learn on a given subject: add l (the letter l, not the number 1)
# to the subject mode
# To learn on a given role, add l to the role mode
# For both of these, to enable learning, enable the system like:
# gradm -L /etc/grsec/learning.logs -E
# and then generate the rules after disabling the system after the
# learning phase with:
# gradm -L /etc/grsec/learning.logs -O /etc/grsec/acl
# To use full system learning, enable the system like:
# gradm -F -L /etc/grsec/learning.logs
# and then generate the rules after disabling the system after the
# learning phase with:
# gradm -F -L /etc/grsec/learning.logs -O /etc/grsec/acl
role admin sA
subject /
/ rwcdmxi
# Subject for the OpenSSH daemon: hides most of the filesystem, allows the
# auth/log/pty objects sshd touches, drops all capabilities except the ones
# re-added below, and restricts its sockets.
# the d flag protects /proc fd and mem entries for sshd
# NOTE(review): the subject mode below is "lo"; it carries no "d", so the
# protection described above is not requested here. "l" keeps this subject in
# learning mode (see "New learning system" in the header) -- confirm that is
# still wanted once the policy is enforced.
# NOTE(review): as pasted, this subject follows "role admin sA" with no other
# role line in between, so it appears to belong to that special role. Per the
# header, an "s" role does not belong to a user or group; a daemon running
# outside it would presumably be matched by another role instead (for example
# "subject /" in "role root", which hides /etc/ssh and /etc/shadow and disables
# bind/connect). Verify which role and subject sshd actually runs under.
subject /usr/local/sbin/sshd lo {
/ h
/bin h
/bin/bash x
/dev
/dev/log rw
/dev/null r
/dev/ptmx rw
/dev/pts* rw
/dev/tty rw
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/etc r
/etc/passwd r
# read access to the password hashes; limit to what password logins require
/etc/shadow r
/etc/ssh r
/etc/ssh/moduli r
/etc/grsec h
/lib h
/lib/libnss_dns-2.3.2.so rx
/lib/libresolv-2.3.2.so rx
/proc
/proc/kcore h
/proc/sys h
/root
/var h
/var/empty
/var/log rw
/var/log/lastlog rw
/var/log/wtmp w
/var/run/utmp rw
# MUST STILL BE CHANGED!!!
# NOTE(review): temporary broad grant (read/write/execute on everything
# matching /proc*); narrow it to the /proc entries sshd was seen to use.
/proc* rwx
-CAP_ALL
+CAP_CHOWN
+CAP_FOWNER
+CAP_FSETID
+CAP_SETGID
+CAP_SETUID
+CAP_SYS_CHROOT
+CAP_SYS_TTY_CONFIG
# NOTE(review): the only bind rule is for a datagram socket on port 0; unlike
# the httpd subject ("bind 0.0.0.0/32:80 stream tcp") there is no "stream tcp"
# rule for the port sshd listens on. Confirm whether this grsecurity version
# also checks listen/accept against bind rules and, if so, add one.
bind 0.0.0.0/32:0 dgram ip
connect 81.3.4.66/32:53 dgram udp
}
# Subject for the pure-ftpd daemon: hides /dev, /etc, /proc, /usr, /var and
# /sbin except for the entries listed, and allows it to bind TCP ports
# 21-65000 on 81.3.4.70 while forbidding outgoing connections.
subject /usr/local/sbin/pure-ftpd o
/
/dev h
/dev/log rw
/dev/urandom r
/etc h
/etc/passwd r
/etc/ssh h
/etc/grsec h
/etc/group r
/etc/shadow h
/lib rx
/proc h
/proc/loadavg r
/usr h
/usr/lib/locale/locale-archive r
/usr/local/lib
/usr/local/sbin/pure-ftpd x
/usr/share/zoneinfo/UTC r
/var h
/var/run/pure-ftpd* rwcd
/sbin h
# NOTE(review): an FTP daemon normally has no reason to execute insmod, and
# CAP_SYS_MODULE is not among the capabilities granted below. This looks like
# a learned artifact -- confirm and remove if it is not needed.
/sbin/insmod x
-CAP_ALL
# NOTE(review): CAP_DAC_OVERRIDE bypasses file permission checks for
# everything the object rules above leave visible; keep only if required.
+CAP_DAC_OVERRIDE
+CAP_NET_BIND_SERVICE
+CAP_SETGID
+CAP_SETUID
+CAP_SYS_CHROOT
bind 81.3.4.70/32:21-65000 stream tcp
connect disabled
subject /usr/sbin/crond o
/ h
/bin h
/bin/bash x
/etc h
/etc/group r
/etc/passwd r
/root
/tmp* rwcd
/var h
/var/qmail/bin/sendmail x
/var/spool/cron/crontabs* r
-CAP_ALL
+CAP_DAC_READ_SEARCH
+CAP_SETGID
bind disabled
connect disabled
subject /var/qmail/bin/qmail-queue o
/ h
/dev h
/dev/null rw
/etc h
/etc/ld.so.cache r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/usr h
/usr/local/lib
/var xwcd
/var/log h
-CAP_ALL
bind disabled
connect disabled
subject /var/qmail/bin/qmail-lspawn o {
/ h
/var/qmail
/var/qmail/queue/mess/* r
/var/qmail/users/cdb r
-CAP_ALL
+CAP_SETGID
+CAP_SETUID
bind disabled
connect disabled
}
subject /wwwrun/apache_1.3.29/bin/httpd o
/ h
/etc r
/etc/ld.so.cache r
/etc/ssh h
/etc/grsec h
/etc/shadow h
/lib rx
/usr h
/usr/local/lib
/usr/share/zoneinfo/UTC r
/wwwrun h
/wwwrun/apache_1.3.29
/wwwrun/apache_1.3.29/bin h
/wwwrun/apache_1.3.29/bin/httpd x
/wwwrun/apache_1.3.29/bin/suexec
/wwwrun/apache_1.3.29/conf r
/wwwrun/apache_1.3.29/libexec rx
/wwwrun/apache_1.3.29/logs
/wwwrun/apache_1.3.29/logs/access_log a
/wwwrun/apache_1.3.29/logs/error_log a
/wwwrun/apache_1.3.29/logs/httpd.pid w
/dev
/dev/null rw
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/dev/log h
/proc/kcore h
/proc/sys h
/var/log h
-CAP_ALL
+CAP_KILL
+CAP_SETGID
+CAP_SETUID
+CAP_NET_BIND_SERVICE
bind 0.0.0.0/32:80 stream tcp
connect disabled
role nobody u
role_allow_ip 0.0.0.0/32
role_allow_ip 217.236.55.193/32
role_allow_ip 195.97.59.147/32
role_allow_ip 207.101.106.5/32
role_allow_ip 62.101.126.236/32
role_allow_ip 216.129.235.184/32
role_allow_ip 66.196.90.249/32
role_allow_ip 66.196.90.155/32
subject / {
/ h
/etc/services r
/etc/mtab r
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/dev/log h
/proc h
/proc/meminfo r
/tmp h
/tmp/mysql.sock rw
/usr/share/zoneinfo/UTC r
/var/log
/www r
-CAP_ALL
bind disabled
connect disabled
}
role default G
role_transitions admin
subject / o
/ h
-CAP_ALL
bind disabled
connect disabled
subject /bin/bash2 o
/var h
/var/tmp/a.swp w
/var/tmp rw
/var/spool/mail/gr
/var/run/utmp rw
/usr h
/usr/share/vim/vim61/syntax/syntax.vim r
/usr/share/vim/vim61/syntax/synload.vim r
/usr/share/vim/vim61/syntax/syncolor.vim r
/usr/share/vim/vim61/scripts.vim r
/usr/share/vim/vim61/plugin/rrhelper.vim r
/usr/share/vim/vim61/plugin/netrw.vim r
/usr/share/vim/vim61/plugin/gzip.vim r
/usr/share/vim/vim61/plugin/explorer.vim r
/usr/share/vim/vim61/plugin r
/usr/share/vim/vim61/macros/vimrc r
/usr/share/vim/vim61/filetype.vim r
/usr/share/terminfo/x/xterm r
/usr/share/terminfo/v/vt100 r
/usr/share/locale/locale.alias r
/usr/lib/locale/en_US/LC_MESSAGES/SYS_LC_MESSAGES rxi
/usr/lib/locale/en_US/LC_MESSAGES r
/usr/lib/locale/en_US rxi
/usr/lib/libncurses.so.5.2 rxi
/usr/lib/libgpm.so.1.18.0 rxi
/usr/lib/gconv/gconv-modules.cache rxi
/usr/lib/gconv/ISO8859-1.so rxi
/usr/bin/uptime xi
/usr/bin xi
/usr/X11R6/bin
/sbin h
/sbin/consoletype xi
/proc/6404/statm r
/proc/6404/stat r
/proc/6404/cmdline r
/proc/6331/statm r
/proc/6331/stat r
/proc/6331/cmdline r
/proc r
/usr/bin/passwd h
#/usr/bin/wget h
/lib rxi
/lib/ld-2.2.5.so xi
/lib/i686/libc-2.2.5.so rxi
/home h
/home/*/a
/home/*/.viminfo.tmp w
/home/*/.viminfo w
/home/*/.bashrc r
/home/*/.bash_profile r
/home/*/.bash_logout r
/home/*/.bash_history ra
/home/*/.a.swpx w
/home/*/.a.swp w
/home/* rw
/etc/sysconfig/i18n r
/etc/profile.d rxi
/etc/ld.so.cache rxi
/etc/ h
/dev/tty rw
/dev/null w
/dev h
/bin xi
/bin/bash2 xi
/ h
/bin/bash h # Available shells on my system Disabled
/bin/sh h
/bin/ash h
/bin/bsh h
/bin/tcs h
/bin/csh h
/bin/false h
-CAP_ALL
bind disabled
connect disabled
role qmails u
role_allow_ip 0.0.0.0/32
subject / {
/ h
-CAP_ALL
bind disabled
connect disabled
}
role qmail g
role_allow_ip 0.0.0.0/32
subject /
/ h
/var/qmail/bin/qmail-remote x
/var/qmail/queue/mess/9/897607 r
-CAP_ALL
bind disabled
connect disabled
role qmaild u
role_allow_ip 81.3.4.67/32
subject / {
/ h
/etc h
/etc/ld.so.cache r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/usr h
/usr/local/bin/relay-ctrl-check x
/usr/local/lib
/var rx
/var/log h
-CAP_ALL
bind disabled
connect disabled
}
role qmailq u
role_allow_ip 0.0.0.0/32
subject / {
/ h
-CAP_ALL
bind disabled
connect disabled
}
subject /var/qmail/bin/qmail-clean o
/ h
/var wd
/var/log h
/var/qmail/queue/intd/9
/var/qmail/queue/intd/9/897607 wd
/var/qmail/queue/mess/9
/var/qmail/queue/mess/9/897607 wd
/var/qmail/queue/todo/9
/var/qmail/queue/todo/9/897607 wd
-CAP_ALL
bind disabled
connect disabled
subject /var/qmail/bin/qmail-remote o
/ h
/etc h
/etc/ld.so.cache r
/etc/resolv.conf r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/lib/libresolv-2.3.2.so rx
/usr h
/usr/local/lib
/var h
/var/qmail
/var/qmail/bin/qmail-remote x
/var/qmail/control/me r
/var/qmail/queue/lock/tcpto rw
-CAP_ALL
bind 0.0.0.0/32:0 dgram ip
connect 81.3.4.66/32:53 dgram udp
connect 81.3.4.67/32:25 stream tcp
subject /var/qmail/bin/qmail-send o {
/ h
/var rwcd
/var/log h
/var/qmail
/var/qmail/bin h
/var/qmail/bin/qmail-queue x
/var/qmail/queue h
/var/qmail/queue/info* rwcd
/var/qmail/queue/local* rwcd
/var/qmail/queue/lock* r
/var/qmail/queue/mess* r
/var/qmail/queue/remote* r
/var/qmail/queue/todo r
/var/qmail/queue/bounce* rwcd
-CAP_ALL
bind disabled
connect disabled
}
role alias u
role_allow_ip 0.0.0.0/32
subject /
/ h
/etc h
/etc/ld.so.cache r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/usr h
/usr/local/lib
/var h
/var/qmail
/var/qmail/alias
/var/qmail/alias/.qmail-postmaster r
/var/qmail/alias/.qmail-root r
/var/qmail/bin/qmail-local x
/var/qmail/bin/qmail-queue x
-CAP_ALL
bind disabled
connect disabled
role qmailp u
role_allow_ip 0.0.0.0/32
subject /
/ h
/etc h
/etc/ld.so.cache r
/etc/nsswitch.conf r
/etc/passwd r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/lib/libnss_files-2.3.2.so rx
/usr h
/usr/local/lib
/var h
/var/qmail/bin/qmail-getpw x
-CAP_ALL
bind disabled
connect disabled
# User role for the mysql account; its default subject hides the whole
# filesystem, drops all capabilities and disables networking.
role mysql u
# The IP here is questionable!!!
# NOTE(review): per the header, role_allow_ip restricts use of the role to the
# listed source addresses. The other service roles in this file use
# 0.0.0.0/32; confirm that a single remote /32 is really intended for a local
# database account.
role_allow_ip 217.236.42.209/32
subject / {
/ h
-CAP_ALL
bind disabled
connect disabled
}
subject /usr/local/mysql/bin/mysqld o {
/ h
/etc h
/etc/group r
/etc/my.cnf r
/etc/nsswitch.conf r
/etc/passwd r
/proc h
/proc/sys/kernel/version r
/usr/local/mysql
/usr/local/mysql/data/* rwcd
/usr/share/zoneinfo/UTC r
/tmp
/tmp/mysql.sock wc
-CAP_ALL
+CAP_DAC_OVERRIDE
+CAP_SETGID
+CAP_SETUID
bind disabled
connect disabled
}
subject /usr/local/mysql/bin/mysqld_safe o {
/
/bin x
/etc h
/etc/ld.so.cache r
/etc/mtab r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/lib/libdl-2.3.2.so rx
/lib/libncurses.so.5.3 rx
/proc h
/proc/meminfo r
/usr h
/usr/bin h
/usr/bin/expr x
/usr/bin/nice x
/usr/bin/nohup x
/usr/local rxa
/dev
/dev/null w
/dev/tty rw
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/dev/log h
/var/log h
-CAP_ALL
+CAP_DAC_OVERRIDE
bind disabled
connect disabled
}
role vpopmail u
role_allow_ip 0.0.0.0/32
role_allow_ip 217.236.55.193/32
role_allow_ip 62.224.139.6/32
subject / {
/ h
/bin h
/bin/bash x
/dev h
/dev/tty rw
/etc h
/etc/ld.so.cache r
/etc/nsswitch.conf r
/etc/passwd r
/home x
/home/vpopmail/domains/* rwcd
/lib rx
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/proc h
/proc/meminfo r
/usr h
/usr/local/bin/relay-ctrl-allow x
/usr/local/lib
/var h
/var/qmail/bin/qmail-local x
/var/qmail/bin/qmail-pop3d x
/var/qmail/users/cdb r
-CAP_ALL
bind disabled
connect disabled
}
subject /home/vpopmail/bin/vchkpw o {
/ h
/dev h
/dev/log rw
/etc h
/etc/ld.so.cache r
/home h
/home/vpopmail/bin/vchkpw x
/home/vpopmail/domains/* rw
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/lib/libcrypt-2.3.2.so rx
/lib/libnsl-2.3.2.so rx
/usr h
/usr/local/lib
/usr/share/zoneinfo/UTC r
/var h
/var/qmail/users/cdb r
-CAP_ALL
+CAP_CHOWN
+CAP_DAC_OVERRIDE
+CAP_SETGID
+CAP_SETUID
bind disabled
connect disabled
}
subject /usr/local/bin/relay-ctrl-allow o {
/ h
/etc h
/etc/ld.so.cache r
/home h
/home/vpopmail/domains/* r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/usr h
/usr/local/bin/relay-ctrl-allow x
/var h
/var/log h
/var/qmail/bin/qmail-pop3d x
/var/spool/relay-ctrl* rwcd
-CAP_ALL
bind disabled
connect disabled
}
# Subject for tcpserver: hides the filesystem except resolv.conf and the two
# programs it may execute, and drops all capabilities.
subject /usr/local/bin/tcpserver o {
/ h
/etc/resolv.conf r
/var/qmail/bin/qmail-popup x
/usr/local/bin/rblsmtpd x
-CAP_ALL
# NOTE(review): both rules cover every address (/0) and every port (0-65535),
# so they place no real limit on this subject's network use. Narrow them to
# the service ports actually served and to the resolver used elsewhere in
# this policy. The bind rule also lists only "dgram ip udp"; confirm whether
# the TCP listening sockets need a "stream tcp" bind rule.
bind 0.0.0.0/0:0-65535 dgram ip udp
connect 0.0.0.0/0:0-65535 dgram udp stream tcp
}
subject /usr/local/bin/spamc o {
/ h
/etc h
/etc/ld.so.cache r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/lib/libdl-2.3.2.so rx
/usr h
/usr/local/bin/spamc x
/usr/local/lib
-CAP_ALL
bind disabled
connect 127.0.0.1/32:783 stream tcp
}
subject /usr/local/bin/perl5.8.3 o {
/ h
/bin h
/bin/bash x
/bin/rm x
/dev h
/dev/urandom r
/etc h
/etc/ld.so.cache r
/etc/mtab r
/proc h
/proc/stat r
/usr h
/usr/lib h
/usr/lib/libdb-4.2.so rx
/usr/local rx
/usr/share h
/usr/share/zoneinfo/UTC r
/usr/bin
/usr/sbin
/var x
/var/spool/qmailscan r
/var/spool/qmailscan/working h
/var/spool/qmailscan/working/new/ wcd
/var/spool/qmailscan/working/tmp/ wcd
/var/spool/qmailscan/tmp
/var/log h
-CAP_ALL
bind disabled
connect disabled
}
role qscand u
role_allow_ip 0.0.0.0/32
subject / {
/ h
/bin h
/bin/bash x
/dev h
/dev/tty rw
/etc h
/etc/ld.so.cache r
/etc/mtab r
/etc/nsswitch.conf r
/etc/passwd r
/lib rx
/proc h
/proc/meminfo r
/usr h
/usr/local/bin/reformime x
/usr/local/bin/spamc x
/var h
/var/qmail/supervise/qmail-smtpd
/var/spool/qmailscan/tmp/
/var/spool/qmailscan/working/new r
-CAP_ALL
bind disabled
connect disabled
}
subject /var/qmail/bin/qmail-scanner-queue.pl o {
/ h
/dev h
/dev/urandom r
/etc h
/etc/ld.so.cache r
/lib rx
/usr h
/usr/local/bin/perl5.8.3 x
/usr/local/bin/suidperl x
/usr/local/lib
/var h
/var/qmail/bin/qmail-scanner-queue.pl r
-CAP_ALL
+CAP_SETUID
bind disabled
connect disabled
}
subject /usr/local/bin/rblsmtpd o {
/ h
/etc h
/etc/ld.so.cache r
/etc/resolv.conf r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/usr h
/usr/local/bin/rblsmtpd x
/usr/local/bin/relay-ctrl-check x
/usr/local/lib
-CAP_ALL
bind 0.0.0.0/32:0 dgram ip udp
bind 0.0.0.0/32:64715 dgram ip udp
connect 81.3.4.66/32:53 dgram udp
}
subject /usr/local/bin/spamd o {
/
/.spamassassin wc
/bin
/bin/bash x
/dev
/dev/null a
/dev/urandom r
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/dev/log h
/etc h
/etc/hosts r
/etc/passwd r
/etc/protocols r
/etc/shadow r
/proc/kcore h
/proc/sys h
/razor-agent.log a
/tmp wcd
/usr h
/usr/bin
/usr/local/bin
/usr/local/lib/perl5/5.8.3/Carp/Heavy.pm r
/usr/sbin
/var/log h
-CAP_ALL
+CAP_SETGID
+CAP_SETUID
bind 0.0.0.0/32:0 dgram ip
connect 81.3.4.66/32:53 dgram udp
connect 66.151.150.11/32:2703 stream tcp
connect 66.151.150.29/32:2703 stream tcp
}
subject /usr/local/bin/pyzor o {
/ h
/etc h
/etc/ld.so.cache r
/etc/mtab r
/lib rx
/proc h
/proc/meminfo r
/proc/sys/kernel/version r
/root h
/root/.pyzor
/root/.pyzor/servers r
/tmp/ rwcd
/usr
/usr/lib h
/usr/lib/libcrypto.so.0.9.7 rx
/usr/lib/libgcc_s.so.1 rx
/usr/lib/libssl.so.0.9.7 rx
/usr/lib/libstdc++.so.5.0.5 rx
/usr/share h
/usr/share/zoneinfo/UTC r
/usr/local rx
-CAP_ALL
bind 0.0.0.0/32:0 dgram ip
connect 66.250.40.33/32:24441 dgram udp
}
# Subject for the DCC client dccproc: hides the filesystem except /etc
# (minus ssh, grsec, shadow and passwd), /lib, its own binary and /var/dcc,
# and limits it to DNS and UDP port 6277.
subject /usr/local/bin/dccproc o {
/ h
/etc r
/etc/ssh h
/etc/grsec h
/etc/shadow h
/etc/passwd h
/lib rx
/usr h
/usr/local/bin/dccproc x
/var h
/var/dcc
/var/dcc/map rw
-CAP_ALL
+CAP_SETUID
bind 0.0.0.0/32:0 dgram ip udp
connect 81.3.4.66/32:53 dgram udp
# NOTE(review): "0.0.0.0./32" has a stray dot after the address, so it is not
# a valid IP/netmask; check how gradm parses it. Also confirm the intended
# netmask: /32 matches only the single address 0.0.0.0, not the remote DCC
# servers.
connect 0.0.0.0./32:6277 dgram udp
connect 127.0.0.1/32:6277 dgram udp
}
role admin42 u
role_allow_ip 0.0.0.0/32
role_allow_ip 217.236.55.193/32
subject / {
/ h
/bin rx
/bin/bash x
/bin/ps x
/dev h
/dev/pts* rw
/dev/vc
/dev/tty rw
/etc r
/etc/ssh h
/etc/grsec h
/etc/shadow h
/home h
/home/admin42* rwcd
/lib rx
/opt rx
/usr* rx
/var h
/var/log/lastlog r
/var/spool/mail* r
/proc r
/proc/kcore h
/proc/meminfo r
/proc/sys h
-CAP_ALL
bind disabled
connect disabled
}
# User role for root; the G flag lets it use gradm to authenticate to the
# kernel (see "Role flags" in the header).
# NOTE(review): 0.0.0.0/0 matches every source address, so the /32 entries
# below add no restriction and the role can be used from anywhere. If root
# should only be reachable from known hosts, drop the /0 line and keep the
# specific addresses. 217.236.55.193/32 is also listed twice.
role root uG
role_allow_ip 0.0.0.0/0
role_allow_ip 217.236.55.193/32
role_allow_ip 217.236.55.193/32
role_allow_ip 217.236.26.147/32
role_allow_ip 217.236.43.232/32
role_allow_ip 0.0.0.0/32
role_allow_ip 195.97.59.147/32
role_allow_ip 211.57.222.205/32
role_allow_ip 62.224.139.6/32
subject / {
/
/bin/* x
/dev
/dev/null rw
/dev/twe0 rw
/dev/twe1 rw
/dev/twe10 rw
/dev/twe11 rw
/dev/twe12 rw
/dev/twe13 rw
/dev/twe14 rw
/dev/twe15 rw
/dev/twe2 rw
/dev/twe3 rw
/dev/twe4 rw
/dev/twe5 rw
/dev/twe6 rw
/dev/twe7 rw
/dev/twe8 rw
/dev/twe9 rw
/dev/urandom r
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/dev/log h
/dev/initctl
/dev/tty rw
/etc rx
/etc/ld.so.cache r
/etc/mtab r
/etc/relay-ctrl
/etc/relay-ctrl/RELAY_CTRL_DIR r
/etc/ssh h
/etc/shadow h
/etc/grsec h
/home
/home/vpopmail
/home/vpopmail/bin/vchkpw x
/icebear r
/lib rx
/opt
/package h
/package/admin/daemontools-0.76
/package/admin/daemontools-0.76/command/envdir x
/proc r
/proc/kcore h
/proc/meminfo r
/proc/sys/kernel/version r
/root r
/sbin* rx
/sbin/insmod x
/sbin/gradm x
/service rx
/tmp rwcd
/usr* rx
/usr/include r
/usr/lib rx
/usr/lib/libreadline.so.4.3 rx
/usr/man r
/usr/sbin rx
/usr/share r
/usr/share/man
/usr/share/man/man8 r
/usr/share/man/man8/gradm.8
/usr/share/man/man8/lspci.8
/usr/share/man/man8/setpci.8
/usr/local rx
/var rx
/var/log h
/var/dns/namedb
/var/qmail/supervise/qmail-pop3d
/var/qmail/supervise/qmail-send
/var/qmail/supervise/qmail-smtpd
/wwwrun rx
/wwwrun/apache_1.3.29/bin/httpd x
/wwwrun/apache_1.3.29/include r
-CAP_ALL
bind disabled
connect disabled
}
role clamav u
role_allow_ip 0.0.0.0/32
subject / {
/ h
-CAP_ALL
bind disabled
connect disabled
}
subject /usr/local/bin/freshclam o {
/ h
/dev h
/dev/urandom r
/etc h
/etc/host.conf r
/etc/hosts r
/etc/ld.so.cache r
/etc/resolv.conf r
/etc/passwd r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/lib/libnss_dns-2.3.2.so rx
/lib/libnss_files-2.3.2.so rx
/lib/libpthread-0.10.so rx
/lib/libresolv-2.3.2.so rx
/proc h
/proc/sys/kernel/version r
/usr h
/usr/lib/libz.so.1.1.4 rx
/usr/local/bin/freshclam x
/usr/local/lib/libclamav.so.1.0.3 rx
/usr/local/lib/libgmp.so.3.3.2 rx
/usr/local/share/clamav* rwcd
/usr/share/zoneinfo/UTC r
/var h
/var/log
/var/log/clam-update.log a
-CAP_ALL
+CAP_SETGID
+CAP_SETUID
connect 81.3.4.66/32:53 dgram udp
connect 0.0.0.0/0:80 stream tcp
}
subject /usr/local/bin/relay-ctrl-age o {
/ h
/etc h
/etc/ld.so.cache r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/usr h
/usr/local/bin/relay-ctrl-age x
/var h
/var/spool/relay-ctrl
/var/spool/relay-ctrl/217.236.55.193 wd
/var/spool/relay-ctrl/62.224.139.6 wd
-CAP_ALL
bind disabled
connect disabled
}
role nofiles g
role_allow_ip 217.236.55.193/32
role_allow_ip 0.0.0.0/32
subject / {
/ h
/etc h
/etc/ld.so.cache r
/etc/nsswitch.conf r
/etc/passwd r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/lib/libnss_files-2.3.2.so rx
/usr h
/usr/local/bin/relay-ctrl-check x
/usr/local/lib
/var rx
/var/log h
-CAP_ALL
bind disabled
connect disabled
}
I think the most interesting section is the one for sshd.
I added everything the learned ACL suggests:
# sshd subject as produced by learning: hides most of the filesystem, allows
# the log, pty and account files sshd touched, drops all capabilities except
# those re-added below, and restricts its sockets.
subject /usr/local/sbin/sshd o {
/ h
/bin h
/bin/bash x
# /etc is readable as a whole, which includes /etc/shadow and /etc/ssh;
# only /etc/grsec is hidden again
/etc r
/etc/grsec h
/lib h
/lib/libnss_dns-2.3.2.so rx
/lib/libresolv-2.3.2.so rx
/proc
/proc/kcore h
/proc/sys h
/var h
/var/empty
/var/log
/var/log/lastlog rw
/var/log/wtmp w
/var/run/utmp rw
/dev
/dev/log rw
/dev/null r
/dev/ptmx rw
# NOTE(review): only pts/0 and pts/1 were seen during learning; a further
# session would presumably fall under "/dev/pts", which has no access mode
# here. A glob rule covering /dev/pts entries would handle any pty number.
/dev/pts
/dev/pts/0 rw
/dev/pts/1 rw
/dev/tty rw
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/root
-CAP_ALL
+CAP_CHOWN
+CAP_FOWNER
+CAP_FSETID
+CAP_SETGID
+CAP_SETUID
+CAP_SYS_CHROOT
+CAP_SYS_TTY_CONFIG
# NOTE(review): learning recorded only a datagram bind on port 0 and the DNS
# lookup; there is no "stream tcp" rule for the port sshd listens on,
# possibly because the daemon was already listening when learning started.
# Confirm whether this grsecurity version checks listen/accept against bind
# rules and, if so, add a rule for that port.
bind 0.0.0.0/32:0 dgram ip
connect 81.3.4.66/32:53 dgram udp
}
And now I wonder why I cannot log in to sshd from outside?
I studied the learning logs:
[code]# cat learning | grep sshd
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/passwd 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/passwd 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/run/utmp 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/run/utmp 21 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/wtmp 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/wtmp 20 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts/1 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts/1 4 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 0 0 0 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/empty 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 0 0 18 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 0 0 6 217.236.55.193
default 68 0 100 /usr/local/sbin/sshd / 0 0 7 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/ssh/moduli 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/ssh/moduli 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/shadow 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/shadow 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /bin/bash 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/log 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/log 5 217.236.55.193
default 68 0 101 /usr/local/sbin/sshd / 1 1 /etc/group 16 217.236.55.193
default 68 0 101 /usr/local/sbin/sshd / 1 1 /etc/group 17 217.236.55.193
default 68 0 101 /usr/local/sbin/sshd / 0 0 6 217.236.55.193
default 68 0 101 /usr/local/sbin/sshd / 0 0 7 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /etc/passwd 16 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /etc/passwd 17 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /var/log/lastlog 16 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /var/log/lastlog 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/ptmx 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/ptmx 21 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts/1 21 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /proc/24047 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /proc/24047/fd/6 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/group 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/group 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 0 0 3 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 0 0 4 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/protocols 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/protocols 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/resolv.conf 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/resolv.conf 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/host.conf 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/host.conf 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/hosts 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/hosts 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/ld.so.cache 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/ld.so.cache 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libnss_dns-2.3.2.so 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libnss_dns-2.3.2.so 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libnss_dns-2.3.2.so 8 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libresolv-2.3.2.so 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libresolv-2.3.2.so 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libresolv-2.3.2.so 8 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 0.0.0.0 0 2 0 1 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 81.3.4.66 53 2 17 2 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /dev/tty 16 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /dev/tty 21 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /dev/pts/1 16 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /dev/pts/1 21 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /dev/tty 20 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /etc/motd 16 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /etc/motd 17 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /home/admin42 16 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /bin/bash 16 217.236.55.193
default 68 101 101 /usr/local/sbin/sshd / 1 1 /bin/bash 8 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /proc/24047/fd/0 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/lastlog 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/lastlog 21 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/null 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/null 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/wtmp 20 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/log 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/log 5 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/passwd 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/passwd 17 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/run/utmp 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/run/utmp 21 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/wtmp 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/wtmp 20 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts/0 16 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts/0 4 217.236.55.193
default 68 0 0 /usr/local/sbin/sshd / 0 0 0 217.236.55.193
default 68 0 0 /usr/bin/find / 1 1 /usr/local/man/man5/sshd_config.5 16 0.0.0.0
default 68 0 0 /usr/bin/find / 1 1 /usr/local/man/man8/sshd.8 16 0.0.0.0
default 68 0 0 /usr/bin/find / 1 1 /usr/man/man5/sshd_config.5.gz 16 0.0.0.0
default 68 0 0 /usr/bin/slocate / 1 1 /var/run/sshd.pid 16 0.0.0.0
default 68 0 0 /usr/bin/slocate / 1 1 /etc/rc.d/sshd 16 0.0.0.0
default 68 0 0 /usr/bin/slocate / 1 1 /etc/rc.d/sshd_ALT 16 0.0.0.0
default 68 0 0 /usr/bin/slocate / 1 1 /etc/rc.d/sshd~ 16 0.0.0.0
default 68 0 0 /usr/bin/slocate / 1 1 /etc/ssh/sshd_config 16 0.0.0.0
default 68 0 0 /usr/bin/slocate / 1 1 /etc/ssh/sshd_config.ORIG 16 0.0.0.0
default 68 0 0 /usr/bin/slocate / 1 1 /etc/ssh/sshd_config~ 16 0.0.0.0
default 68 0 0 /usr/bin/slocate / 1 1 /icebear/src/www/openssh/sshd_config 16 0.0.0.0
default 68 0 0 /usr/bin/slocate / 1 1 /icebear/src/www/openssh/sshd 16 0.0.0.0
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/passwd 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/passwd 17 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/empty 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 0 0 18 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 0 0 6 217.236.26.147
default 68 0 100 /usr/local/sbin/sshd / 0 0 7 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/ssh/moduli 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/ssh/moduli 17 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/shadow 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/shadow 17 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /bin/bash 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/log 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/log 5 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/lastlog 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/lastlog 17 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/ptmx 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/ptmx 21 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts/0 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts/0 21 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /proc/12832 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /proc/12832/fd/7 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/group 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/group 17 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts/0 4 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 0 0 0 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 0 0 4 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/tty 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/tty 21 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 0 0 26 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/tty 20 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/protocols 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/protocols 17 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/resolv.conf 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/resolv.conf 17 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/host.conf 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/host.conf 17 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/hosts 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/hosts 17 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/ld.so.cache 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/ld.so.cache 17 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libnss_dns-2.3.2.so 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libnss_dns-2.3.2.so 17 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libnss_dns-2.3.2.so 8 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libresolv-2.3.2.so 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libresolv-2.3.2.so 17 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libresolv-2.3.2.so 8 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 0.0.0.0 0 2 0 1 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 81.3.4.66 53 2 17 2 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /proc/21530 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /proc/21530/fd/0 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/run/utmp 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/run/utmp 21 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/wtmp 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/wtmp 20 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/lastlog 21 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/motd 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/motd 17 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 0 0 7 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /root 16 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /bin/bash 8 217.236.26.147
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/passwd 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/passwd 17 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/empty 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 0 0 18 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 0 0 6 217.236.43.232
default 68 0 100 /usr/local/sbin/sshd / 0 0 7 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/ssh/moduli 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/ssh/moduli 17 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/shadow 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/shadow 17 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /bin/bash 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/log 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/log 5 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/lastlog 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /var/log/lastlog 17 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/ptmx 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/ptmx 21 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts/1 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts/1 21 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /proc/2389 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /proc/2389/fd/7 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/group 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/group 17 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/pts/1 4 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 0 0 0 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 0 0 4 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/tty 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/tty 21 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 0 0 26 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /dev/tty 20 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/protocols 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/protocols 17 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/resolv.conf 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/resolv.conf 17 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/host.conf 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/host.conf 17 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/hosts 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/hosts 17 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/ld.so.cache 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /etc/ld.so.cache 17 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libnss_dns-2.3.2.so 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libnss_dns-2.3.2.so 17 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libnss_dns-2.3.2.so 8 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /lib/libresolv-2.3.2.so 16 217.236.43.232
default 68 0 0 /usr/local/sbin/sshd / 1 1 /