grsecurity forums

[zaterio]

Hi I am very newbie in grsec world (sorry my english too, writting from Chile)

Debian Sarge 3.1

uname -a

Linux debian 2.6.14.7-vs2.1.0-grsec-2.1.9

well, whe I run:

gradm -F -L /etc/grsec/learning.log

I can see in learnin.log that gradm is logging information about the IPs, for example these 2 lines (a few of pretty much lines) are added in learning.log when I do a apt-get install procces :

default 68 0 0 /home/vservers/linuxparanoico/usr/bin/apt-extracttemplates / u -1 0 0 192.168.1.126
default 68 0 0 /home/vservers/linuxparanoico/usr/bin/apt-extracttemplates / g -1 0 0 192.168.1.126

I am remotely admin my grsec box by ssh from the 192.168.1.126 machine (the grsec machine is the 192.168.1.20)..

when I want to obtain my grsec policys from the learning process this IP information have a restrictive function??...for example is I want to apt-get my machine i only can do that from the 192.168.1.126 machine???

thanks in advance

zaterio

[Hue-Bond]

these 2 lines (a few of pretty much lines) are added in learning.log when I do a apt-get install procces :

default 68 0 0 /home/vservers/linuxparanoico/usr/bin/apt-extracttemplates / u -1 0 0 192.168.1.126
default 68 0 0 /home/vservers/linuxparanoico/usr/bin/apt-extracttemplates / g -1 0 0 192.168.1.126

I am remotely admin my grsec box by ssh from the 192.168.1.126 machine (the grsec machine is the 192.168.1.20)..

when I want to obtain my grsec policys from the learning process this IP information have a restrictive function??

Yes. You will obtain something like:

Code: Select all

role root u
role_allow_ip 192.168.1.126

Afterwards, you can (and should) review the generated policy and adjust it to your needs. In this case, you could add a line similar to that one with the other IP.

[zaterio]

thanks!!