When I try to parse learn logs (created with gradm -F -L /etc/grsec/learning.logs), I got:
- Code: Select all
Beginning full learning 1st pass...done.
Beginning full learning role reduction...done.
Beginning full learning 2nd pass...done.
Beginning full learning subject reduction for user root...done.
Beginning full learning subject reduction for user nobody...done.
Beginning full learning subject reduction for user dhcp...done.
Beginning full learning object reduction for subject /...done.
Segmentation fault
strace (few last lines):
- Code: Select all
write(4, "\t/var\t\t\t\t\n"..., 10) = 10
write(4, "\t/var/spool\t\t\t\n"..., 15) = 15
write(4, "\t/var/spool/cron\t\t\t\n"..., 20) = 20
write(4, "\t/var/log\t\t\th\n"..., 14) = 14
write(4, "\t/boot\t\t\t\th\n"..., 12) = 12
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Input file is only 2MB and it seems it doesen't matter how long it is created.
OS: gentoo 2.6.28-hardened-r7 with gradm sys-apps/gradm-2.1.13.200902232204 running on amd64.
How can I change learned data to policy? Is it my mistake or gradm?