Grsecurity logging

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Grsecurity logging

Postby Xerxes83 » Fri Jun 17, 2005 2:59 pm

Hi all! I am a bit confused by the Grsecurity logging system. Isn't Grsecurity supposed to log all access violations? Or do I need to enable this somehow?

The problem is that a process on my server encounters a problem and then tries to send me an email about the problem. Unfortunately nothing about this problem appears in the log, except for the final result:
grsec: (root:U:/) denied executable mmap of /usr/sbin/sendmail by /usr/sbin/sendmail[sendmail:18828] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/cron[cron:17456] uid/euid:0/0 gid/egid:0/0

I have solved the sendmail problem by running the full learning mode again (running only in learning mode for /usr/bin/sendmail didn't work for some reason). I do however wonder why I got the 'denied executable mmap' error instead of an access violation...

I am running Grsecurity v2.1.5 with the 2.4.30 kernel (the newest version is not yet available for my distro).
Xerxes83
 
Posts: 8
Joined: Fri Jun 17, 2005 2:03 pm

Return to grsecurity support