I have some questions about rule writing.
Take ie rule for dnsmasq:
----------------------
role admin sA
subject / rvka
/ rwcdmlxi
role default
subject / {
/ h
-CAP_ALL
connect disabled
bind disabled
}
role nobody u
subject / {
/ h
-CAP_ALL
bind disabled
connect disabled
}
subject /usr/sbin/dnsmasq o {
/ h
/etc/localtime r
/etc/resolv.conf r
-CAP_ALL
bind 0.0.0.0/32:0-65535 dgram ip udp
connect 0.0.0.0/0:1024-65535 dgram udp
connect 0.0.0.0/0:53 dgram udp
}
----------------------
first subject denies everything for user nobody, but second subject with flag "o" should override that inheritance, and give access to two files, binding and connecting for /usr/sbin/dnsmasq but it does not. With that config I still have in logs something like this:
Sep 3 13:43:13 proxy grsec: (default:D:/) denied access to hidden file /etc/resolv.conf by /usr/sbin/dnsmasq[dnsmasq:4841] uid/euid:65534/65534 gid/egid:65534/65534, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Sep 3 13:43:15 proxy grsec: (default:D:/) denied connect() to 192.168.xxx.yyy port 1025 sock type dgram protocol udp by /usr/sbin/dnsmasq[dnsmasq:4841] uid/euid:65534/65534 gid/egid:65534/65534, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
First at all it hits role default. But when I have something like this:
----------------------
role default
subject / {
/ h
-CAP_ALL
connect disabled
bind disabled
}
role nobody u
subject / {
/ h
/etc/localtime r
/etc/resolv.conf r
-CAP_ALL
bind 0.0.0.0/32:0-65535 dgram ip udp
connect 0.0.0.0/0:1024-65535 dgram udp
connect 0.0.0.0/0:53 dgram udp
}
subject /usr/sbin/dnsmasq o {
/ h
-CAP_ALL
}
--------------------------
it works fine for me.
My system is hardened gentoo, kernel 2.6.28-hardened-r9 (grsec-2.1.13-2.6.28.10-200905241817.patch)
learning mode and inheritance
13 posts
• Page 1 of 1
learning mode and inheritance
by xperience » Thu Sep 03, 2009 7:42 am
- xperience
- Posts: 12
- Joined: Wed Sep 12, 2007 3:42 pm
Re: learning mode and inheritance
by spender » Thu Sep 03, 2009 8:30 am
Did you update dnsmasq recently? This could be the bug that I've fixed within the past few months (not fixed in the kernel you're using) involving the wrong subject being applied if the RBAC system is enabled with some binary running that has been updated on disk (so the deleted file associated with the running process has a different inode than the one that currently exists on disk).
I'd need you to run an up-to-date kernel with the latest patch to do any more debugging, as we don't support old kernels.
-Brad
I'd need you to run an up-to-date kernel with the latest patch to do any more debugging, as we don't support old kernels.
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
Re: learning mode and inheritance
by xperience » Fri Sep 04, 2009 2:29 am
Yes I have that problem on a production machine, but I can't get any newer kernel because I need agree of other administrators for it.
I'll try to prepare virtual machine to reproduce problem and give You all info You need, and with newest kernel.
Problem don't lie in dnsmasq, it repeats for all binaries that are running as other user than root.
And Yes dnsmasq was updated, but system was restarted some times so inode change shouldn't be a problem.
I'll try to prepare virtual machine to reproduce problem and give You all info You need, and with newest kernel.
Problem don't lie in dnsmasq, it repeats for all binaries that are running as other user than root.
And Yes dnsmasq was updated, but system was restarted some times so inode change shouldn't be a problem.
- xperience
- Posts: 12
- Joined: Wed Sep 12, 2007 3:42 pm
Re: learning mode and inheritance
by xperience » Wed Sep 09, 2009 8:30 am
Problem occurs with grsecurity-2.1.14-2.6.29.6-200908252018.patch too. With grsecurity-2.1.14-2.6.30.5-200909052209.patch my system doesn't boot so I took older patch. What I can send You to fix problem?
- xperience
- Posts: 12
- Joined: Wed Sep 12, 2007 3:42 pm
Re: learning mode and inheritance
by spender » Wed Sep 09, 2009 8:38 am
Were you also using the latest gradm?
If you could send me your full policy, the exact commands you used to generate the problem, the output of 'stat /usr/sbin/dnsmasq', and also do the following:
add -DGRADM_DEBUG to the end of the CFLAGS= line in the gradm Makefile, then give me the output of gradm -E
-Brad
If you could send me your full policy, the exact commands you used to generate the problem, the output of 'stat /usr/sbin/dnsmasq', and also do the following:
add -DGRADM_DEBUG to the end of the CFLAGS= line in the gradm Makefile, then give me the output of gradm -E
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
Re: learning mode and inheritance
by spender » Wed Sep 09, 2009 8:42 am
About 2.6.30.5 not booting, there's nothing we can do to help you if you don't provide more information than that it doesn't boot.
-Brad
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
Re: learning mode and inheritance
by xperience » Thu Sep 10, 2009 7:38 am
Policy was autogenerated by gradm full learn, with a few changes.
Outputs:
Outputs:
- Code: Select all
[b]localhost ~ # stat /usr/sbin/dnsmasq[/b]
File: `/usr/sbin/dnsmasq'
Size: 163404 Blocks: 328 IO Block: 4096 regular file
Device: 303h/771d Inode: 1057328 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2009-09-08 07:59:21.000000000 +0200
Modify: 2009-09-08 07:59:21.000000000 +0200
Change: 2009-09-08 07:59:28.000000000 +0200
- Code: Select all
[b]localhost ~ # gradm -E[/b]
ROLE: :::kernel::: type:special uid/gid:1
TRANSITIONS: :::kernel:::
SUBJECT: / dev:3145731 inode:2 mode:32803 c_raise:ffffffff c_drop:ffffffff
OBJECT: /etc/grsec dev:3145731 inode:16891 mode:0
OBJECT: / dev:3145731 inode:2 mode:927
ROLE: apache type:user uid/gid:81
TRANSITIONS:
SUBJECT: /usr/sbin/apache2 dev:3145731 inode:1089316 mode:32800 c_raise:0 c_drop:0
BIND 4294967232.4294967208.4294967290.4294967294/18:443-443 stream ip tcp
CONNECT 0.0.0.0/0:0-0
OBJECT: /usr/sbin/apache2 dev:3145731 inode:1089316 mode:25
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: / dev:3145731 inode:2 mode:32768 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:132132 c_raise:0 c_drop:0
CONNECT 0.0.0.0/0:0-0
BIND 0.0.0.0/0:0-0
OBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:25
OBJECT: / dev:3145731 inode:2 mode:0
ROLE: sshd type:user uid/gid:22
TRANSITIONS:
SUBJECT: / dev:3145731 inode:2 mode:32768 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:132132 c_raise:0 c_drop:0
CONNECT 0.0.0.0/0:0-0
BIND 0.0.0.0/0:0-0
OBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:25
OBJECT: / dev:3145731 inode:2 mode:0
ROLE: arpwatch type:user uid/gid:101
TRANSITIONS:
SUBJECT: /usr/sbin/arpwatch dev:3145731 inode:1057485 mode:32800 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /usr/sbin/arpwatch dev:3145731 inode:1057485 mode:25
OBJECT: /var/lib/arpwatch/eth1.dat.new dev:0 inode:172 mode:2147484055
OBJECT: /var/lib/arpwatch/eth1.dat- dev:0 inode:171 mode:2147484055
OBJECT: /var/lib/arpwatch/eth1.dat dev:0 inode:170 mode:2147484055
OBJECT: /var/lib/arpwatch dev:3145731 inode:1063653 mode:16
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: / dev:3145731 inode:2 mode:32768 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:132132 c_raise:0 c_drop:0
CONNECT 0.0.0.0/0:0-0
BIND 0.0.0.0/0:0-0
OBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:25
OBJECT: / dev:3145731 inode:2 mode:0
ROLE: nobody type:user uid/gid:65534
TRANSITIONS:
SUBJECT: /usr/sbin/dnsmasq dev:3145731 inode:1057328 mode:32800 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-65535 dgram ip udp
CONNECT 0.0.0.0/0:1024-65535 dgram ip udp
CONNECT 0.0.0.0/0:53-53 dgram ip udp
OBJECT: /usr/sbin/dnsmasq dev:3145731 inode:1057328 mode:25
OBJECT: /etc/resolv.conf dev:3145731 inode:16918 mode:16
OBJECT: /etc/localtime dev:3145731 inode:16802 mode:16
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: / dev:3145731 inode:2 mode:32768 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-65535 dgram ip udp
CONNECT 0.0.0.0/0:1024-65535 dgram ip udp
CONNECT 0.0.0.0/0:53-53 dgram ip udp
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:132132 c_raise:0 c_drop:0
CONNECT 0.0.0.0/0:0-0
BIND 0.0.0.0/0:0-0
OBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:25
OBJECT: / dev:3145731 inode:2 mode:0
ROLE: squid type:user uid/gid:31
TRANSITIONS:
SUBJECT: /usr/sbin/squid dev:3145731 inode:1081462 mode:32800 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-0 stream ip tcp
BIND 4294967232.4294967208.4294967290.4294967294/18:3128-3128 stream ip tcp
CONNECT 0.0.0.0/0:80-80 stream dgram ip tcp udp
CONNECT 0.0.0.0/0:53-53 stream dgram ip tcp udp
OBJECT: /usr/sbin/squid dev:3145731 inode:1081462 mode:25
OBJECT: /var/cache dev:3145731 inode:1006358 mode:407
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: / dev:3145731 inode:2 mode:32768 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:132132 c_raise:0 c_drop:0
CONNECT 0.0.0.0/0:0-0
BIND 0.0.0.0/0:0-0
OBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:25
OBJECT: / dev:3145731 inode:2 mode:0
ROLE: root type:user uid/gid:0
TRANSITIONS: admin
SUBJECT: /usr/sbin/syslog-ng dev:3145731 inode:1016664 mode:32800 c_raise:200000 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /usr/sbin/syslog-ng dev:3145731 inode:1016664 mode:25
OBJECT: /etc/localtime dev:3145731 inode:16802 mode:16
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /usr/sbin/sshd dev:3145731 inode:188116 mode:32800 c_raise:40410c0 c_drop:0
BIND 0.0.0.0/0:22-22 stream dgram ip tcp
BIND 0.0.0.0/0:0-0 stream dgram ip tcp
CONNECT 0.0.0.0/0:22-22 dgram ip udp
OBJECT: /boot dev:3145729 inode:2 mode:0
OBJECT: /sys dev:0 inode:1 mode:0
OBJECT: /proc/bus dev:3 inode:4026531852 mode:0
OBJECT: /proc/kcore dev:0 inode:20 mode:2147483648
OBJECT: /proc/sys/kernel/ngroups_max dev:3 inode:9699 mode:17
OBJECT: /proc dev:3 inode:1 mode:16
OBJECT: /lib dev:3145731 inode:1095585 mode:25
OBJECT: /var/spool/mail dev:3145731 inode:1008341 mode:16
OBJECT: /var/run/utmp dev:3145731 inode:1006423 mode:23
OBJECT: /var/run dev:3145731 inode:1006421 mode:16
OBJECT: /var/log/wtmp dev:3145731 inode:997504 mode:22
OBJECT: /var/log/lastlog dev:3145731 inode:997505 mode:23
OBJECT: /var/log/faillog dev:3145731 inode:997481 mode:23
OBJECT: /var/log dev:3145731 inode:997500 mode:16
OBJECT: /var/empty dev:3145731 inode:1006430 mode:16
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: /usr/sbin/sshd dev:3145731 inode:188116 mode:25
OBJECT: /usr/lib/libssl.so.0.9.8 dev:3145731 inode:100386 mode:25
OBJECT: /usr/lib/libcrypto.so.0.9.8 dev:3145731 inode:100444 mode:25
OBJECT: /usr/lib dev:3145731 inode:98278 mode:16
OBJECT: /usr dev:3145731 inode:89937 mode:0
OBJECT: /etc/samba/smbpasswd dev:0 inode:12 mode:2147483648
OBJECT: /etc/ppp/pap-secrets dev:0 inode:11 mode:2147483648
OBJECT: /etc/ppp/chap-secrets dev:0 inode:10 mode:2147483648
OBJECT: /etc/gshadow- dev:0 inode:9 mode:2147483648
OBJECT: /etc/gshadow dev:0 inode:8 mode:2147483648
OBJECT: /etc/shadow- dev:3145731 inode:16356 mode:0
OBJECT: /etc/grsec dev:3145731 inode:16891 mode:0
OBJECT: /etc dev:3145731 inode:16353 mode:17
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev/tty dev:14 inode:152 mode:23
OBJECT: /dev/pts dev:10 inode:1 mode:23
OBJECT: /dev/ptmx dev:14 inode:1161 mode:23
OBJECT: /dev/null dev:14 inode:153 mode:23
OBJECT: /dev/log dev:14 inode:8558 mode:23
OBJECT: /dev dev:14 inode:148 mode:0
OBJECT: /bin/bash dev:3145731 inode:196295 mode:24
OBJECT: /bin dev:3145731 inode:196225 mode:0
OBJECT: / dev:3145731 inode:2 mode:16
SUBJECT: /usr/sbin/sendmail dev:3145731 inode:1009030 mode:32800 c_raise:1000 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /var/spool/postfix dev:0 inode:144 mode:2147483664
OBJECT: /var/run dev:3145731 inode:1006421 mode:16
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: /usr/sbin/sendmail dev:3145731 inode:191203 mode:25
OBJECT: /usr/sbin/ssmtp dev:3145731 inode:1009030 mode:25
OBJECT: /usr/sbin/postdrop dev:0 inode:135 mode:2147483672
OBJECT: /usr/sbin dev:3145731 inode:188049 mode:0
OBJECT: /usr/lib dev:3145731 inode:98278 mode:25
OBJECT: /usr dev:3145731 inode:89937 mode:0
OBJECT: /lib dev:3145731 inode:1095585 mode:25
OBJECT: /etc/samba/smbpasswd dev:0 inode:12 mode:2147483648
OBJECT: /etc/ppp/pap-secrets dev:0 inode:11 mode:2147483648
OBJECT: /etc/ppp/chap-secrets dev:0 inode:10 mode:2147483648
OBJECT: /etc/gshadow- dev:0 inode:9 mode:2147483648
OBJECT: /etc/gshadow dev:0 inode:8 mode:2147483648
OBJECT: /etc/shadow- dev:3145731 inode:16356 mode:0
OBJECT: /etc/shadow dev:3145731 inode:16934 mode:0
OBJECT: /etc/ssh dev:3145731 inode:16854 mode:0
OBJECT: /etc/grsec dev:3145731 inode:16891 mode:0
OBJECT: /etc/postfix/main.cf dev:0 inode:137 mode:2147483665
OBJECT: /etc/postfix dev:0 inode:136 mode:2147483648
OBJECT: /etc dev:3145731 inode:16353 mode:17
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev/log dev:14 inode:8558 mode:23
OBJECT: /dev dev:14 inode:148 mode:0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /usr/sbin/sarg dev:0 inode:104 mode:2147516448 c_raise:1000002 c_drop:0
BIND 0.0.0.0/0:0-0 dgram ip
CONNECT 4294967232.4294967208.1.2/7:53-53 dgram ip udp
OBJECT: /var/www dev:3145731 inode:1063035 mode:407
OBJECT: /var/log/squid/access.log dev:0 inode:121 mode:2147483665
OBJECT: /var dev:3145731 inode:997473 mode:16
OBJECT: /tmp dev:3145731 inode:122641 mode:407
OBJECT: /usr/sbin/sarg dev:0 inode:104 mode:2147483672
OBJECT: /usr/sbin dev:3145731 inode:188049 mode:0
OBJECT: /usr/lib/gconv/gconv-modules.cache dev:3145731 inode:131164 mode:17
OBJECT: /usr/lib/gconv/ISO8859-1.so dev:3145731 inode:130996 mode:25
OBJECT: /usr/lib/gconv dev:3145731 inode:130982 mode:0
OBJECT: /usr/lib dev:3145731 inode:98278 mode:25
OBJECT: /usr dev:3145731 inode:89937 mode:0
OBJECT: /lib dev:3145731 inode:1095585 mode:25
OBJECT: /etc/samba/smbpasswd dev:0 inode:12 mode:2147483648
OBJECT: /etc/ppp/pap-secrets dev:0 inode:11 mode:2147483648
OBJECT: /etc/ppp/chap-secrets dev:0 inode:10 mode:2147483648
OBJECT: /etc/gshadow- dev:0 inode:9 mode:2147483648
OBJECT: /etc/gshadow dev:0 inode:8 mode:2147483648
OBJECT: /etc/shadow- dev:3145731 inode:16356 mode:0
OBJECT: /etc/shadow dev:3145731 inode:16934 mode:0
OBJECT: /etc/passwd dev:3145731 inode:16941 mode:0
OBJECT: /etc/ssh dev:3145731 inode:16854 mode:0
OBJECT: /etc/grsec dev:3145731 inode:16891 mode:0
OBJECT: /etc dev:3145731 inode:16353 mode:17
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev dev:14 inode:148 mode:0
OBJECT: /bin/bash dev:3145731 inode:196295 mode:24
OBJECT: /bin dev:3145731 inode:196225 mode:0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /usr/sbin/postdrop dev:0 inode:135 mode:2147516448 c_raise:1000 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /var/spool/postfix/public/pickup dev:0 inode:146 mode:2147483670
OBJECT: /var/spool/postfix/maildrop dev:0 inode:145 mode:2147484055
OBJECT: /var/spool/postfix dev:0 inode:144 mode:2147483664
OBJECT: /var/run dev:3145731 inode:1006421 mode:16
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: /usr/share/zoneinfo dev:3145731 inode:140869 mode:17
OBJECT: /usr/share dev:3145731 inode:91825 mode:0
OBJECT: /usr/sbin/postdrop dev:0 inode:135 mode:2147483672
OBJECT: /usr/sbin dev:3145731 inode:188049 mode:0
OBJECT: /usr/lib dev:3145731 inode:98278 mode:25
OBJECT: /usr dev:3145731 inode:89937 mode:0
OBJECT: /lib dev:3145731 inode:1095585 mode:25
OBJECT: /etc/samba/smbpasswd dev:0 inode:12 mode:2147483648
OBJECT: /etc/ppp/pap-secrets dev:0 inode:11 mode:2147483648
OBJECT: /etc/ppp/chap-secrets dev:0 inode:10 mode:2147483648
OBJECT: /etc/gshadow- dev:0 inode:9 mode:2147483648
OBJECT: /etc/gshadow dev:0 inode:8 mode:2147483648
OBJECT: /etc/shadow- dev:3145731 inode:16356 mode:0
OBJECT: /etc/shadow dev:3145731 inode:16934 mode:0
OBJECT: /etc/ssh dev:3145731 inode:16854 mode:0
OBJECT: /etc/grsec dev:3145731 inode:16891 mode:0
OBJECT: /etc/postfix/main.cf dev:0 inode:137 mode:2147483665
OBJECT: /etc/postfix dev:0 inode:136 mode:2147483648
OBJECT: /etc dev:3145731 inode:16353 mode:17
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev/log dev:14 inode:8558 mode:23
OBJECT: /dev dev:14 inode:148 mode:0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /usr/sbin/cron dev:3145731 inode:1015173 mode:32800 c_raise:c0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /usr/sbin/cron dev:3145731 inode:1015173 mode:25
OBJECT: /boot dev:3145729 inode:2 mode:0
OBJECT: /sys dev:0 inode:1 mode:0
OBJECT: /var/spool/cron/crontabs dev:3145731 inode:1015433 mode:16
OBJECT: /var/run dev:3145731 inode:1006421 mode:16
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: /usr/sbin/sendmail dev:3145731 inode:191203 mode:24
OBJECT: /usr/sbin/ssmtp dev:3145731 inode:1009030 mode:24
OBJECT: /usr dev:3145731 inode:89937 mode:0
OBJECT: /proc/sys/kernel/ngroups_max dev:3 inode:9699 mode:17
OBJECT: /proc dev:3 inode:1 mode:0
OBJECT: /lib dev:3145731 inode:1095585 mode:25
OBJECT: /etc/samba/smbpasswd dev:0 inode:12 mode:2147483648
OBJECT: /etc/ppp/pap-secrets dev:0 inode:11 mode:2147483648
OBJECT: /etc/ppp/chap-secrets dev:0 inode:10 mode:2147483648
OBJECT: /etc/gshadow- dev:0 inode:9 mode:2147483648
OBJECT: /etc/gshadow dev:0 inode:8 mode:2147483648
OBJECT: /etc/shadow- dev:3145731 inode:16356 mode:0
OBJECT: /etc/ssh dev:3145731 inode:16854 mode:0
OBJECT: /etc/grsec dev:3145731 inode:16891 mode:0
OBJECT: /etc dev:3145731 inode:16353 mode:17
OBJECT: /dev/log dev:14 inode:8558 mode:23
OBJECT: /dev dev:14 inode:148 mode:0
OBJECT: /bin/bash dev:3145731 inode:196295 mode:24
OBJECT: /bin dev:3145731 inode:196225 mode:0
OBJECT: / dev:3145731 inode:2 mode:16
SUBJECT: /usr/sbin/apache2 dev:3145731 inode:1089316 mode:32800 c_raise:10e0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 4294967232.4294967208.4294967290.4294967294/18:443-443 stream ip tcp
OBJECT: /usr/sbin/apache2 dev:3145731 inode:1089316 mode:25
OBJECT: /root dev:3145731 inode:891185 mode:16
OBJECT: /etc/samba/smbpasswd dev:0 inode:12 mode:2147483648
OBJECT: /etc/ppp/pap-secrets dev:0 inode:11 mode:2147483648
OBJECT: /etc/ppp/chap-secrets dev:0 inode:10 mode:2147483648
OBJECT: /etc/gshadow- dev:0 inode:9 mode:2147483648
OBJECT: /etc/gshadow dev:0 inode:8 mode:2147483648
OBJECT: /etc/shadow- dev:3145731 inode:16356 mode:0
OBJECT: /etc/shadow dev:3145731 inode:16934 mode:0
OBJECT: /etc/ssh dev:3145731 inode:16854 mode:0
OBJECT: /etc/grsec dev:3145731 inode:16891 mode:0
OBJECT: /etc dev:3145731 inode:16353 mode:17
OBJECT: /var/www/localhost/htdocs dev:3145731 inode:1089377 mode:16
OBJECT: /var/run/apache2.pid dev:0 inode:124 mode:2147483670
OBJECT: /var/run dev:3145731 inode:1006421 mode:16
OBJECT: /var/log/apache2 dev:3145731 inode:1032563 mode:18
OBJECT: /var/lib/net-snmp dev:0 inode:123 mode:2147483664
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: /usr/share dev:3145731 inode:91825 mode:17
OBJECT: /usr/lib dev:3145731 inode:98278 mode:25
OBJECT: /usr dev:3145731 inode:89937 mode:0
OBJECT: /proc/sys/kernel/ngroups_max dev:3 inode:9699 mode:17
OBJECT: /proc dev:3 inode:1 mode:0
OBJECT: /lib/libresolv-2.9.so dev:3145731 inode:1095624 mode:25
OBJECT: /lib/libreadline.so.5.2 dev:3145731 inode:1095746 mode:25
OBJECT: /lib/libncurses.so.5.6 dev:3145731 inode:1095597 mode:25
OBJECT: /lib dev:3145731 inode:1095585 mode:0
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev dev:14 inode:148 mode:0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /usr/bin/webalizer dev:3145731 inode:1071934 mode:32800 c_raise:2 c_drop:0
BIND 0.0.0.0/0:0-0 dgram ip
CONNECT 4294967232.4294967208.1.2/7:53-53 dgram ip udp
OBJECT: /var/tmp dev:3145731 inode:997510 mode:16
OBJECT: /var/run dev:3145731 inode:1006421 mode:16
OBJECT: /var/www/localhost/htdocs/webalizer dev:3145731 inode:1087409 mode:23
OBJECT: /var/www/localhost/htdocs/apache2 dev:0 inode:122 mode:2147483671
OBJECT: /var/www dev:3145731 inode:1063035 mode:0
OBJECT: /var/log/squid/access.log dev:0 inode:121 mode:2147483665
OBJECT: /var/log/apache2/ssl_access_log dev:0 inode:120 mode:2147483665
OBJECT: /var/log dev:3145731 inode:997500 mode:0
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: /usr/lib dev:3145731 inode:98278 mode:25
OBJECT: /usr/bin/webalizer dev:3145731 inode:1071934 mode:25
OBJECT: /usr/bin dev:3145731 inode:89998 mode:0
OBJECT: /usr dev:3145731 inode:89937 mode:0
OBJECT: /proc/stat dev:3 inode:4026531968 mode:17
OBJECT: /proc/meminfo dev:3 inode:4026531967 mode:17
OBJECT: /proc dev:3 inode:1 mode:0
OBJECT: /lib dev:3145731 inode:1095585 mode:25
OBJECT: /etc/samba/smbpasswd dev:0 inode:12 mode:2147483648
OBJECT: /etc/ppp/pap-secrets dev:0 inode:11 mode:2147483648
OBJECT: /etc/ppp/chap-secrets dev:0 inode:10 mode:2147483648
OBJECT: /etc/gshadow- dev:0 inode:9 mode:2147483648
OBJECT: /etc/gshadow dev:0 inode:8 mode:2147483648
OBJECT: /etc/shadow- dev:3145731 inode:16356 mode:0
OBJECT: /etc/shadow dev:3145731 inode:16934 mode:0
OBJECT: /etc/passwd dev:3145731 inode:16941 mode:0
OBJECT: /etc/ssh dev:3145731 inode:16854 mode:0
OBJECT: /etc/grsec dev:3145731 inode:16891 mode:0
OBJECT: /etc dev:3145731 inode:16353 mode:17
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev dev:14 inode:148 mode:0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /usr/bin/squeezer2.pl dev:0 inode:107 mode:2147516448 c_raise:2 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /root dev:3145731 inode:891185 mode:16
OBJECT: /proc/bus dev:3 inode:4026531852 mode:0
OBJECT: /proc/sys dev:3 inode:4026531853 mode:0
OBJECT: /proc/kcore dev:0 inode:20 mode:2147483648
OBJECT: /proc dev:3 inode:1 mode:16
OBJECT: /etc/samba/smbpasswd dev:0 inode:12 mode:2147483648
OBJECT: /etc/ppp/pap-secrets dev:0 inode:11 mode:2147483648
OBJECT: /etc/ppp/chap-secrets dev:0 inode:10 mode:2147483648
OBJECT: /etc/gshadow- dev:0 inode:9 mode:2147483648
OBJECT: /etc/gshadow dev:0 inode:8 mode:2147483648
OBJECT: /etc/shadow- dev:3145731 inode:16356 mode:0
OBJECT: /etc/shadow dev:3145731 inode:16934 mode:0
OBJECT: /etc/passwd dev:3145731 inode:16941 mode:0
OBJECT: /etc/ssh dev:3145731 inode:16854 mode:0
OBJECT: /etc/grsec dev:3145731 inode:16891 mode:0
OBJECT: /etc/squid/squid.conf dev:3145731 inode:1080182 mode:17
OBJECT: /etc/localtime dev:3145731 inode:16802 mode:17
OBJECT: /etc/ld.so.cache dev:3145731 inode:16905 mode:17
OBJECT: /etc dev:3145731 inode:16353 mode:16
OBJECT: /var/log/squid dev:3145731 inode:1032558 mode:17
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: /usr/local/lib dev:3145731 inode:188135 mode:16
OBJECT: /usr/local dev:3145731 inode:188130 mode:0
OBJECT: /usr/lib dev:3145731 inode:98278 mode:17
OBJECT: /usr/bin/squeezer2.pl dev:0 inode:107 mode:2147483665
OBJECT: /usr/bin/perl5.8.8 dev:3145731 inode:90262 mode:24
OBJECT: /usr/bin dev:3145731 inode:89998 mode:0
OBJECT: /usr dev:3145731 inode:89937 mode:0
OBJECT: /lib dev:3145731 inode:1095585 mode:25
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev dev:14 inode:148 mode:0
OBJECT: /bin/uname dev:3145731 inode:196246 mode:24
OBJECT: /bin dev:3145731 inode:196225 mode:0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /usr/bin/sarg-reports dev:0 inode:102 mode:2147516448 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /tmp dev:3145731 inode:122641 mode:150
OBJECT: /root dev:3145731 inode:891185 mode:16
OBJECT: /var/www/localhost/htdocs/sarg2/index.html dev:0 inode:106 mode:2147483670
OBJECT: /var/www/localhost/htdocs/sarg2 dev:0 inode:105 mode:2147483664
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: /usr/sbin/sarg dev:0 inode:104 mode:2147483672
OBJECT: /usr/bin/sarg-reports dev:0 inode:102 mode:2147483665
OBJECT: /usr dev:3145731 inode:89937 mode:0
OBJECT: /proc/meminfo dev:3 inode:4026531967 mode:17
OBJECT: /proc dev:3 inode:1 mode:0
OBJECT: /lib dev:3145731 inode:1095585 mode:25
OBJECT: /etc/ld.so.cache dev:3145731 inode:16905 mode:17
OBJECT: /etc dev:3145731 inode:16353 mode:0
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev/tty dev:14 inode:152 mode:23
OBJECT: /dev dev:14 inode:148 mode:0
OBJECT: /bin dev:3145731 inode:196225 mode:24
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /etc/cron.daily dev:3145731 inode:16867 mode:32800 c_raise:1043 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /var/tmp dev:3145731 inode:997510 mode:16
OBJECT: /var/state dev:3145731 inode:1006356 mode:16
OBJECT: /var/lost+found dev:0 inode:101 mode:2147483664
OBJECT: /var/log/squid dev:3145731 inode:1032558 mode:16
OBJECT: /var/log/snort/archive dev:0 inode:100 mode:2147483664
OBJECT: /var/log/snort dev:0 inode:99 mode:2147483665
OBJECT: /var/log/samba/cores/smbd dev:0 inode:98 mode:2147483664
OBJECT: /var/log/samba/cores/nmbd dev:0 inode:97 mode:2147483664
OBJECT: /var/log/samba/cores dev:0 inode:96 mode:2147483665
OBJECT: /var/log/samba dev:0 inode:95 mode:2147483665
OBJECT: /var/log/portage/elog dev:3145731 inode:997502 mode:16
OBJECT: /var/log/portage dev:3145731 inode:997501 mode:17
OBJECT: /var/log/mysql dev:0 inode:94 mode:2147483664
OBJECT: /var/log/apache2 dev:3145731 inode:1032563 mode:407
OBJECT: /var/log/Bastillerevert/backup dev:0 inode:93 mode:2147483665
OBJECT: /var/log/Bastillerevert dev:0 inode:92 mode:2147483665
OBJECT: /var/log dev:3145731 inode:997500 mode:17
OBJECT: /var/lock/subsys/psad dev:0 inode:91 mode:2147483664
OBJECT: /var/lock/subsys dev:3145731 inode:1006427 mode:17
OBJECT: /var/lock dev:3145731 inode:1006426 mode:17
OBJECT: /var/lib/spool/prelude dev:0 inode:90 mode:2147483664
OBJECT: /var/lib/spool dev:0 inode:89 mode:2147483665
OBJECT: /var/lib/slocate/slocate.db.stf dev:3145731 inode:1017067 mode:407
OBJECT: /var/lib/slocate/slocate.db dev:3145731 inode:1013863 mode:407
OBJECT: /var/lib/slocate dev:3145731 inode:1016465 mode:22
OBJECT: /var/lib/samba/private dev:0 inode:88 mode:2147483664
OBJECT: /var/lib/samba dev:0 inode:87 mode:2147483665
OBJECT: /var/lib/php-pkg/dev-lang/php-5.2.10 dev:0 inode:86 mode:2147483664
OBJECT: /var/lib/php-pkg/dev-lang dev:0 inode:85 mode:2147483665
OBJECT: /var/lib/php-pkg dev:0 inode:84 mode:2147483665
OBJECT: /var/lib/ntop/rrd/graphics dev:0 inode:83 mode:2147483664
OBJECT: /var/lib/ntop/rrd dev:0 inode:82 mode:2147483665
OBJECT: /var/lib/ntop dev:0 inode:81 mode:2147483665
OBJECT: /var/lib/mysql/test dev:0 inode:80 mode:2147483664
OBJECT: /var/lib/mysql/snort dev:0 inode:79 mode:2147483664
OBJECT: /var/lib/mysql/mysql dev:0 inode:78 mode:2147483664
OBJECT: /var/lib/mysql dev:0 inode:77 mode:2147483665
OBJECT: /var/lib/logrotate.status dev:0 inode:76 mode:2147483671
OBJECT: /var/lib/init.d/mtime-test.8987 dev:0 inode:75 mode:2147484054
OBJECT: /var/lib/init.d dev:3145731 inode:997477 mode:17
OBJECT: /var/lib/gentoo/news dev:3145731 inode:997498 mode:16
OBJECT: /var/lib/gentoo dev:3145731 inode:997497 mode:17
OBJECT: /var/lib/boinc/projects/lhcathome.cern.ch_lhcathome dev:0 inode:74 mode:2147483664
OBJECT: /var/lib/boinc/projects dev:0 inode:73 mode:2147483665
OBJECT: /var/lib/boinc dev:0 inode:72 mode:2147483665
OBJECT: /var/lib dev:3145731 inode:997474 mode:17
OBJECT: /var/empty dev:3145731 inode:1006430 mode:16
OBJECT: /var/delta-webrsync dev:3145731 inode:999710 mode:16
OBJECT: /var dev:3145731 inode:997473 mode:17
OBJECT: /usr/share dev:3145731 inode:91825 mode:23
OBJECT: /usr/sbin/makewhatis dev:3145731 inode:188063 mode:57
OBJECT: /usr/sbin/logrotate dev:0 inode:71 mode:2147483704
OBJECT: /usr/sbin/apache2 dev:3145731 inode:1089316 mode:56
OBJECT: /usr/sbin dev:3145731 inode:188049 mode:16
OBJECT: /usr/lost+found dev:0 inode:70 mode:2147483664
OBJECT: /usr/local dev:3145731 inode:188130 mode:23
OBJECT: /usr/libexec/squid dev:3145731 inode:181595 mode:16
OBJECT: /usr/libexec/gcc/i686-pc-linux-gnu/3.4.6 dev:3145731 inode:181547 mode:16
OBJECT: /usr/libexec/gcc/i686-pc-linux-gnu dev:3145731 inode:181546 mode:17
OBJECT: /usr/libexec/gcc dev:3145731 inode:181545 mode:17
OBJECT: /usr/libexec dev:3145731 inode:181544 mode:17
OBJECT: /usr/lib dev:3145731 inode:98278 mode:57
OBJECT: /usr/i686-pc-linux-gnu/gcc-bin/3.4.6 dev:3145731 inode:89982 mode:16
OBJECT: /usr/i686-pc-linux-gnu/gcc-bin dev:3145731 inode:89981 mode:17
OBJECT: /usr/i686-pc-linux-gnu/binutils-bin/2.18 dev:3145731 inode:89955 mode:16
OBJECT: /usr/i686-pc-linux-gnu/binutils-bin dev:3145731 inode:89954 mode:17
OBJECT: /usr/i686-pc-linux-gnu dev:3145731 inode:89938 mode:17
OBJECT: /usr/i386-pc-linux-gnu/lib dev:0 inode:69 mode:2147483664
OBJECT: /usr/i386-pc-linux-gnu/bin dev:0 inode:68 mode:2147483664
OBJECT: /usr/i386-pc-linux-gnu dev:0 inode:67 mode:2147483665
OBJECT: /usr/com/nessus/CA dev:0 inode:66 mode:2147483664
OBJECT: /usr/com/nessus dev:0 inode:65 mode:2147483665
OBJECT: /usr/com dev:0 inode:64 mode:2147483665
OBJECT: /usr/bin/slocate dev:3145731 inode:1009013 mode:56
OBJECT: /usr/bin/nice dev:3145731 inode:90502 mode:56
OBJECT: /usr/bin/find dev:3145731 inode:90052 mode:56
OBJECT: /usr/bin dev:3145731 inode:89998 mode:16
OBJECT: /usr dev:3145731 inode:89937 mode:17
OBJECT: /tmp dev:3145731 inode:122641 mode:407
OBJECT: /sys dev:0 inode:1 mode:16
OBJECT: /sbin dev:3145731 inode:98113 mode:57
OBJECT: /proc/sys dev:3 inode:4026531853 mode:0
OBJECT: /proc/kcore dev:0 inode:20 mode:2147483648
OBJECT: /proc/meminfo dev:3 inode:4026531967 mode:17
OBJECT: /proc/cmdline dev:3 inode:4026531962 mode:17
OBJECT: /proc dev:3 inode:1 mode:16
OBJECT: /opt dev:3145731 inode:899361 mode:16
OBJECT: /mnt/floppy dev:3145731 inode:703138 mode:16
OBJECT: /mnt/cdrom dev:3145731 inode:703140 mode:16
OBJECT: /mnt dev:3145731 inode:703137 mode:17
OBJECT: /lost+found dev:3145731 inode:11 mode:16
OBJECT: /lib dev:3145731 inode:1095585 mode:57
OBJECT: /home/szpak/work dev:0 inode:62 mode:2147483664
OBJECT: /home/szpak/.ssh dev:0 inode:61 mode:2147483664
OBJECT: /home/szpak/.mc/cedit dev:0 inode:60 mode:2147483664
OBJECT: /home/szpak/.mc dev:0 inode:59 mode:2147483665
OBJECT: /home/szpak dev:0 inode:58 mode:2147483665
OBJECT: /home dev:3145731 inode:874833 mode:17
OBJECT: /etc/samba/smbpasswd dev:0 inode:12 mode:2147483648
OBJECT: /etc/ppp/pap-secrets dev:0 inode:11 mode:2147483648
OBJECT: /etc/ppp/chap-secrets dev:0 inode:10 mode:2147483648
OBJECT: /etc/gshadow- dev:0 inode:9 mode:2147483648
OBJECT: /etc/gshadow dev:0 inode:8 mode:2147483648
OBJECT: /etc/shadow- dev:3145731 inode:16356 mode:0
OBJECT: /etc/shadow dev:3145731 inode:16934 mode:0
OBJECT: /etc dev:3145731 inode:16353 mode:57
OBJECT: /dev/log dev:14 inode:8558 mode:0
OBJECT: /dev/port dev:14 inode:982 mode:0
OBJECT: /dev/kmem dev:14 inode:946 mode:0
OBJECT: /dev/mem dev:14 inode:968 mode:0
OBJECT: /dev/grsec dev:14 inode:9929 mode:0
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev/tty dev:14 inode:152 mode:23
OBJECT: /dev/null dev:14 inode:153 mode:22
OBJECT: /dev dev:14 inode:148 mode:16
OBJECT: /boot/lost+found dev:3145729 inode:11 mode:16
OBJECT: /boot/grub dev:3145729 inode:43177 mode:16
OBJECT: /boot dev:3145729 inode:2 mode:17
OBJECT: /bin dev:3145731 inode:196225 mode:56
OBJECT: / dev:3145731 inode:2 mode:17
SUBJECT: /bin/touch dev:3145731 inode:196256 mode:32800 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /var/spool/cron/lastrun/cron.weekly dev:3145731 inode:1009663 mode:150
OBJECT: /var/spool/cron/lastrun/cron.hourly dev:3145731 inode:1008451 mode:150
OBJECT: /var/spool/cron/lastrun/cron.daily dev:3145731 inode:1009633 mode:150
OBJECT: /var/spool/cron/lastrun dev:3145731 inode:1007980 mode:22
OBJECT: /var/spool/cron dev:3145731 inode:1006486 mode:16
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: /lib dev:3145731 inode:1095585 mode:25
OBJECT: /etc/ld.so.cache dev:3145731 inode:16905 mode:17
OBJECT: /etc dev:3145731 inode:16353 mode:0
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev dev:14 inode:148 mode:0
OBJECT: /bin/touch dev:3145731 inode:196256 mode:25
OBJECT: /bin dev:3145731 inode:196225 mode:0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /bin/sort dev:3145731 inode:196289 mode:32800 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /tmp dev:3145731 inode:122641 mode:151
OBJECT: /var/www/localhost/htdocs/sarg2/Tygodniowe/index.unsort dev:0 inode:52 mode:2147483665
OBJECT: /var/www/localhost/htdocs/sarg2/Tygodniowe/index.sort dev:0 inode:51 mode:2147483798
OBJECT: /var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30/top.tmp dev:0 inode:50 mode:2147483665
OBJECT: /var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30/top dev:0 inode:49 mode:2147483798
OBJECT: /var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30/sarg-sites dev:0 inode:48 mode:2147483798
OBJECT: /var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30/sarg-general3 dev:0 inode:47 mode:2147483665
OBJECT: /var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30/sarg-general2 dev:0 inode:46 mode:2147483798
OBJECT: /var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30/sarg-general dev:0 inode:45 mode:2147483665
OBJECT: /var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30 dev:0 inode:44 mode:2147483664
OBJECT: /var/www/localhost/htdocs/sarg2/Tygodniowe dev:0 inode:43 mode:2147483664
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30/top.tmp dev:0 inode:42 mode:2147483665
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30/top dev:0 inode:41 mode:2147483798
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30/sarg-sites dev:0 inode:40 mode:2147483798
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30/sarg-general3 dev:0 inode:39 mode:2147483665
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30/sarg-general2 dev:0 inode:38 mode:2147483798
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30/sarg-general dev:0 inode:37 mode:2147483665
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30 dev:0 inode:36 mode:2147483664
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29/top.tmp dev:0 inode:35 mode:2147483665
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29/top dev:0 inode:34 mode:2147483798
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29/sarg-sites dev:0 inode:33 mode:2147483798
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29/sarg-general3 dev:0 inode:32 mode:2147483665
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29/sarg-general2 dev:0 inode:31 mode:2147483798
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29/sarg-general dev:0 inode:30 mode:2147483665
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29 dev:0 inode:29 mode:2147483664
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28/top.tmp dev:0 inode:28 mode:2147483665
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28/top dev:0 inode:27 mode:2147483798
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28/sarg-sites dev:0 inode:26 mode:2147483798
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28/sarg-general3 dev:0 inode:25 mode:2147483665
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28/sarg-general2 dev:0 inode:24 mode:2147483798
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28/sarg-general dev:0 inode:23 mode:2147483665
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28 dev:0 inode:22 mode:2147483664
OBJECT: /var/www/localhost/htdocs/sarg2/Dzienne dev:0 inode:21 mode:2147483799
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: /proc/meminfo dev:3 inode:4026531967 mode:17
OBJECT: /proc dev:3 inode:1 mode:0
OBJECT: /lib dev:3145731 inode:1095585 mode:25
OBJECT: /etc/ld.so.cache dev:3145731 inode:16905 mode:17
OBJECT: /etc dev:3145731 inode:16353 mode:0
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev dev:14 inode:148 mode:0
OBJECT: /bin/sort dev:3145731 inode:196289 mode:25
OBJECT: /bin dev:3145731 inode:196225 mode:0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /bin/rm dev:3145731 inode:196251 mode:32800 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /usr/src dev:3145731 inode:89996 mode:0
OBJECT: /boot dev:3145729 inode:2 mode:0
OBJECT: /sys dev:0 inode:1 mode:0
OBJECT: /proc/bus dev:3 inode:4026531852 mode:0
OBJECT: /proc/sys dev:3 inode:4026531853 mode:0
OBJECT: /proc/kcore dev:0 inode:20 mode:2147483648
OBJECT: /tmp dev:3145731 inode:122641 mode:279
OBJECT: /var/spool/cron/lastrun/lock dev:0 inode:18 mode:2147483926
OBJECT: /var/spool/cron/lastrun/cron.weekly dev:3145731 inode:1009663 mode:278
OBJECT: /var/spool/cron/lastrun/cron.hourly dev:3145731 inode:1008451 mode:278
OBJECT: /var/spool/cron/lastrun/cron.daily dev:3145731 inode:1009633 mode:278
OBJECT: /var/spool/cron/lastrun dev:3145731 inode:1007980 mode:16
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: /lib/libc-2.9.so dev:3145731 inode:1095744 mode:25
OBJECT: /lib/ld-2.9.so dev:3145731 inode:1095748 mode:24
OBJECT: /lib dev:3145731 inode:1095585 mode:0
OBJECT: /etc/ld.so.cache dev:3145731 inode:16905 mode:17
OBJECT: /etc dev:3145731 inode:16353 mode:0
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev dev:14 inode:148 mode:0
OBJECT: /bin/rm dev:3145731 inode:196251 mode:25
OBJECT: /bin dev:3145731 inode:196225 mode:0
OBJECT: / dev:3145731 inode:2 mode:16
SUBJECT: /bin/ln dev:3145731 inode:196227 mode:32800 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /var/spool/cron/lastrun/lock dev:0 inode:18 mode:2147483798
OBJECT: /var/spool/cron/lastrun dev:3145731 inode:1007980 mode:16
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: /lib/libc-2.9.so dev:3145731 inode:1095744 mode:25
OBJECT: /lib/ld-2.9.so dev:3145731 inode:1095748 mode:24
OBJECT: /lib dev:3145731 inode:1095585 mode:0
OBJECT: /etc/ld.so.cache dev:3145731 inode:16905 mode:17
OBJECT: /etc dev:3145731 inode:16353 mode:0
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev dev:14 inode:148 mode:0
OBJECT: /bin/ln dev:3145731 inode:196227 mode:25
OBJECT: /bin dev:3145731 inode:196225 mode:0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /bin/bash dev:3145731 inode:196295 mode:32800 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /bin/bash dev:3145731 inode:196295 mode:25
OBJECT: /boot dev:3145729 inode:2 mode:0
OBJECT: /sys dev:0 inode:1 mode:0
OBJECT: /root/.bash_history dev:3145731 inode:891187 mode:23
OBJECT: /root dev:3145731 inode:891185 mode:16
OBJECT: /etc/samba/smbpasswd dev:0 inode:12 mode:2147483648
OBJECT: /etc/ppp/pap-secrets dev:0 inode:11 mode:2147483648
OBJECT: /etc/ppp/chap-secrets dev:0 inode:10 mode:2147483648
OBJECT: /etc/gshadow- dev:0 inode:9 mode:2147483648
OBJECT: /etc/gshadow dev:0 inode:8 mode:2147483648
OBJECT: /etc/shadow- dev:3145731 inode:16356 mode:0
OBJECT: /etc/shadow dev:3145731 inode:16934 mode:0
OBJECT: /etc/ssh dev:3145731 inode:16854 mode:0
OBJECT: /etc/grsec dev:3145731 inode:16891 mode:0
OBJECT: /etc dev:3145731 inode:16353 mode:17
OBJECT: /dev/log dev:14 inode:8558 mode:0
OBJECT: /dev/port dev:14 inode:982 mode:0
OBJECT: /dev/kmem dev:14 inode:946 mode:0
OBJECT: /dev/mem dev:14 inode:968 mode:0
OBJECT: /dev/grsec dev:14 inode:9929 mode:0
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev/tty dev:14 inode:152 mode:23
OBJECT: /dev/null dev:14 inode:153 mode:22
OBJECT: /dev dev:14 inode:148 mode:16
OBJECT: /var/run dev:3145731 inode:1006421 mode:16
OBJECT: /var/www dev:3145731 inode:1063035 mode:150
OBJECT: /var/spool/mail dev:3145731 inode:1008341 mode:16
OBJECT: /var/spool dev:3145731 inode:997511 mode:0
OBJECT: /var dev:3145731 inode:997473 mode:0
OBJECT: /usr/sbin/run-crons dev:3145731 inode:1006641 mode:24
OBJECT: /usr/sbin dev:3145731 inode:188049 mode:0
OBJECT: /usr/bin dev:3145731 inode:89998 mode:24
OBJECT: /usr dev:3145731 inode:89937 mode:0
OBJECT: /sbin/gradm dev:3145731 inode:1041289 mode:24
OBJECT: /sbin dev:3145731 inode:98113 mode:0
OBJECT: /proc/meminfo dev:3 inode:4026531967 mode:17
OBJECT: /proc dev:3 inode:1 mode:0
OBJECT: /lib dev:3145731 inode:1095585 mode:25
OBJECT: /bin dev:3145731 inode:196225 mode:24
OBJECT: / dev:3145731 inode:2 mode:16
SUBJECT: / dev:3145731 inode:2 mode:32768 c_raise:0 c_drop:0
BIND 0.0.0.0/0:0-0
CONNECT 0.0.0.0/0:0-0
OBJECT: /boot dev:3145729 inode:2 mode:0
OBJECT: /sys dev:0 inode:1 mode:0
OBJECT: /var/log dev:3145731 inode:997500 mode:0
OBJECT: /var/www/localhost/htdocs dev:3145731 inode:1089377 mode:16
OBJECT: /var/www/localhost dev:3145731 inode:1089338 mode:16
OBJECT: /var/www dev:3145731 inode:1063035 mode:16
OBJECT: /var/spool/cron dev:3145731 inode:1006486 mode:16
OBJECT: /var/spool dev:3145731 inode:997511 mode:16
OBJECT: /var dev:3145731 inode:997473 mode:16
OBJECT: /dev/log dev:14 inode:8558 mode:0
OBJECT: /dev/port dev:14 inode:982 mode:0
OBJECT: /dev/kmem dev:14 inode:946 mode:0
OBJECT: /dev/mem dev:14 inode:968 mode:0
OBJECT: /dev/grsec dev:14 inode:9929 mode:0
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /dev/tty dev:14 inode:152 mode:23
OBJECT: /dev/null dev:14 inode:153 mode:22
OBJECT: /dev dev:14 inode:148 mode:16
OBJECT: /usr/sbin/run-crons dev:3145731 inode:1006641 mode:17
OBJECT: /usr/bin/find dev:3145731 inode:90052 mode:24
OBJECT: /usr/bin/dircolors dev:3145731 inode:90092 mode:24
OBJECT: /usr dev:3145731 inode:89937 mode:0
OBJECT: /proc/meminfo dev:3 inode:4026531967 mode:17
OBJECT: /proc/cpuinfo dev:3 inode:4026531963 mode:17
OBJECT: /proc dev:3 inode:1 mode:0
OBJECT: /lib/modules dev:3145731 inode:1095864 mode:0
OBJECT: /lib dev:3145731 inode:1095585 mode:57
OBJECT: /etc/samba/smbpasswd dev:0 inode:12 mode:2147483648
OBJECT: /etc/ppp/pap-secrets dev:0 inode:11 mode:2147483648
OBJECT: /etc/ppp/chap-secrets dev:0 inode:10 mode:2147483648
OBJECT: /etc/gshadow- dev:0 inode:9 mode:2147483648
OBJECT: /etc/gshadow dev:0 inode:8 mode:2147483648
OBJECT: /etc/shadow- dev:3145731 inode:16356 mode:0
OBJECT: /etc/shadow dev:3145731 inode:16934 mode:0
OBJECT: /etc/passwd dev:3145731 inode:16941 mode:0
OBJECT: /etc/ssh dev:3145731 inode:16854 mode:0
OBJECT: /etc/grsec dev:3145731 inode:16891 mode:0
OBJECT: /etc dev:3145731 inode:16353 mode:25
OBJECT: /bin dev:3145731 inode:196225 mode:56
OBJECT: / dev:3145731 inode:2 mode:17
SUBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:132132 c_raise:0 c_drop:0
CONNECT 0.0.0.0/0:0-0
BIND 0.0.0.0/0:0-0
OBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:25
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /sbin/gradm_pam dev:3145731 inode:1041290 mode:164896 c_raise:4000 c_drop:0
CONNECT 0.0.0.0/0:2049-2049 dgram udp
BIND 0.0.0.0/0:0-0
OBJECT: /sbin/gradm_pam dev:3145731 inode:1041290 mode:25
OBJECT: /usr/lib64 dev:0 inode:3 mode:2147483673
OBJECT: /lib64 dev:0 inode:2 mode:2147483673
OBJECT: /usr/lib dev:3145731 inode:98278 mode:25
OBJECT: /lib dev:3145731 inode:1095585 mode:25
OBJECT: /dev/null dev:14 inode:153 mode:23
OBJECT: /dev/log dev:14 inode:8558 mode:23
OBJECT: /var/run/utmp dev:3145731 inode:1006423 mode:23
OBJECT: /dev/pts dev:10 inode:1 mode:23
OBJECT: /dev/tty dev:14 inode:152 mode:23
OBJECT: /dev dev:14 inode:148 mode:16
OBJECT: /proc dev:3 inode:1 mode:16
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /etc/nsswitch.conf dev:3145731 inode:16851 mode:17
OBJECT: /usr/share/zoneinfo dev:3145731 inode:140869 mode:17
OBJECT: /etc/pam.conf dev:0 inode:5 mode:2147483665
OBJECT: /etc/pam.d dev:3145731 inode:16809 mode:17
OBJECT: /etc/shadow dev:3145731 inode:16934 mode:17
OBJECT: /etc/passwd dev:3145731 inode:16941 mode:17
OBJECT: /etc/protocols dev:3145731 inode:16795 mode:17
OBJECT: /etc/ld.so.preload dev:0 inode:1 mode:2147483665
OBJECT: /etc/ld.so.cache dev:3145731 inode:16905 mode:17
OBJECT: / dev:3145731 inode:2 mode:0
OBJECT: /dev/grsec dev:14 inode:9929 mode:22
SUBJECT: /sbin/gradm dev:3145731 inode:1041289 mode:164896 c_raise:4000 c_drop:0
CONNECT 0.0.0.0/0:2049-2049 dgram udp
BIND 0.0.0.0/0:0-0
OBJECT: /sbin/gradm_pam dev:3145731 inode:1041290 mode:24
OBJECT: /sbin/gradm dev:3145731 inode:1041289 mode:25
OBJECT: /usr/lib64 dev:0 inode:3 mode:2147483673
OBJECT: /lib64 dev:0 inode:2 mode:2147483673
OBJECT: /usr/lib dev:3145731 inode:98278 mode:25
OBJECT: /lib dev:3145731 inode:1095585 mode:25
OBJECT: /dev/urandom dev:14 inode:1005 mode:17
OBJECT: /etc/protocols dev:3145731 inode:16795 mode:17
OBJECT: /etc/ld.so.preload dev:0 inode:1 mode:2147483665
OBJECT: /etc/ld.so.cache dev:3145731 inode:16905 mode:17
OBJECT: / dev:3145731 inode:2 mode:0
OBJECT: /dev/grsec dev:14 inode:9929 mode:22
ROLE: default type:default uid/gid:0
TRANSITIONS:
SUBJECT: / dev:3145731 inode:2 mode:32768 c_raise:0 c_drop:0
CONNECT 0.0.0.0/0:0-0
BIND 0.0.0.0/0:0-0
OBJECT: / dev:3145731 inode:2 mode:0
SUBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:132132 c_raise:0 c_drop:0
CONNECT 0.0.0.0/0:0-0
BIND 0.0.0.0/0:0-0
OBJECT: /sbin/grlearn dev:3145731 inode:1041291 mode:25
OBJECT: / dev:3145731 inode:2 mode:0
ROLE: admin type:special uid/gid:0
TRANSITIONS: admin
SUBJECT: / dev:3145731 inode:2 mode:167939 c_raise:ffffffff c_drop:ffffffff
OBJECT: / dev:3145731 inode:2 mode:1023
- Code: Select all
[b]policy:[/b]
role admin sA
subject / rvka
/ rwcdmlxi
role default
subject / {
/ h
-CAP_ALL
connect disabled
bind disabled
}
role root uG
role_transitions admin
role_allow_ip 0.0.0.0/32
role_allow_ip 192.168.171.1/32
subject / {
/ r
/bin xi
/etc rx
/etc/grsec h
/etc/ssh h
/etc/passwd h
/etc/shadow h
/etc/shadow- h
/etc/gshadow h
/etc/gshadow- h
/etc/ppp/chap-secrets h
/etc/ppp/pap-secrets h
/etc/samba/smbpasswd h
/lib rxi
/lib/modules h
/proc h
/proc/cpuinfo r
/proc/meminfo r
/usr h
/usr/bin/dircolors x
/usr/bin/find x
/usr/sbin/run-crons r
/dev
/dev/null w
/dev/tty rw
/dev/urandom r
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/dev/log h
/var
/var/spool
/var/spool/cron
/var/www
/var/www/localhost
/var/www/localhost/htdocs
/var/log h
/sys h
/boot h
-CAP_ALL
bind disabled
connect disabled
}
subject /bin/bash o {
/
/bin x
/lib rx
/proc h
/proc/meminfo r
/sbin h
/sbin/gradm x
/usr h
/usr/bin x
/usr/sbin h
/usr/sbin/run-crons x
/var h
/var/spool h
/var/spool/mail
/var/www wc
/var/run
/dev
/dev/null w
/dev/tty rw
/dev/urandom r
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/dev/log h
/etc r
/etc/grsec h
/etc/ssh h
/etc/shadow h
/etc/shadow- h
/etc/gshadow h
/etc/gshadow- h
/etc/ppp/chap-secrets h
/etc/ppp/pap-secrets h
/etc/samba/smbpasswd h
/root
/root/.bash_history rw
/sys h
/boot h
-CAP_ALL
bind disabled
connect disabled
}
subject /bin/ln o {
/ h
/bin h
/bin/ln x
/dev h
/dev/urandom r
/etc h
/etc/ld.so.cache r
/lib h
/lib/ld-2.9.so x
/lib/libc-2.9.so rx
/var h
/var/spool/cron/lastrun
/var/spool/cron/lastrun/lock wc
-CAP_ALL
bind disabled
connect disabled
}
subject /bin/rm o {
/
/bin h
/bin/rm x
/dev h
/dev/urandom r
/etc h
/etc/ld.so.cache r
/lib h
/lib/ld-2.9.so x
/lib/libc-2.9.so rx
/var h
/var/spool/cron/lastrun
/var/spool/cron/lastrun/cron.daily wd
/var/spool/cron/lastrun/cron.hourly wd
/var/spool/cron/lastrun/cron.weekly wd
/var/spool/cron/lastrun/lock wd
/tmp rwd
/proc/kcore h
/proc/sys h
/proc/bus h
/sys h
/boot h
/usr/src h
-CAP_ALL
bind disabled
connect disabled
}
subject /bin/sort o {
/ h
/bin h
/bin/sort x
/dev h
/dev/urandom r
/etc h
/etc/ld.so.cache r
/lib rx
/proc h
/proc/meminfo r
/var h
/var/www/localhost/htdocs/sarg2/Dzienne rwc
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28/sarg-general r
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28/sarg-general2 wc
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28/sarg-general3 r
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28/sarg-sites wc
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28/top wc
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug28-2009Aug28/top.tmp r
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29/sarg-general r
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29/sarg-general2 wc
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29/sarg-general3 r
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29/sarg-sites wc
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29/top wc
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug29-2009Aug29/top.tmp r
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30/sarg-general r
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30/sarg-general2 wc
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30/sarg-general3 r
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30/sarg-sites wc
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30/top wc
/var/www/localhost/htdocs/sarg2/Dzienne/2009Aug30-2009Aug30/top.tmp r
/var/www/localhost/htdocs/sarg2/Tygodniowe
/var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30
/var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30/sarg-general r
/var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30/sarg-general2 wc
/var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30/sarg-general3 r
/var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30/sarg-sites wc
/var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30/top wc
/var/www/localhost/htdocs/sarg2/Tygodniowe/2009Aug24-2009Aug30/top.tmp r
/var/www/localhost/htdocs/sarg2/Tygodniowe/index.sort wc
/var/www/localhost/htdocs/sarg2/Tygodniowe/index.unsort r
/tmp rwc
-CAP_ALL
bind disabled
connect disabled
}
subject /bin/touch o {
/ h
/bin h
/bin/touch x
/dev h
/dev/urandom r
/etc h
/etc/ld.so.cache r
/lib rx
/var h
/var/spool/cron
/var/spool/cron/lastrun w
/var/spool/cron/lastrun/cron.daily wc
/var/spool/cron/lastrun/cron.hourly wc
/var/spool/cron/lastrun/cron.weekly wc
-CAP_ALL
bind disabled
connect disabled
}
subject /etc/cron.daily o {
group_transition_allow root locate
/ r
/bin xi
/boot r
/boot/grub
/boot/lost+found
/dev
/dev/null w
/dev/tty rw
/dev/urandom r
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/dev/log h
/etc rxi
/etc/shadow h
/etc/shadow- h
/etc/gshadow h
/etc/gshadow- h
/etc/ppp/chap-secrets h
/etc/ppp/pap-secrets h
/etc/samba/smbpasswd h
/home r
/home/szpak r
/home/szpak/.mc r
/home/szpak/.mc/cedit
/home/szpak/.ssh
/home/szpak/work
/lib rxi
/lost+found
/mnt r
/mnt/cdrom
/mnt/floppy
/opt
/proc
/proc/cmdline r
/proc/meminfo r
/proc/kcore h
/proc/sys h
/sbin rxi
/sys
/tmp rwcd
/usr r
/usr/bin
/usr/bin/find xi
/usr/bin/nice xi
/usr/bin/slocate xi
/usr/com r
/usr/com/nessus r
/usr/com/nessus/CA
/usr/i386-pc-linux-gnu r
/usr/i386-pc-linux-gnu/bin
/usr/i386-pc-linux-gnu/lib
/usr/i686-pc-linux-gnu r
/usr/i686-pc-linux-gnu/binutils-bin r
/usr/i686-pc-linux-gnu/binutils-bin/2.18
/usr/i686-pc-linux-gnu/gcc-bin r
/usr/i686-pc-linux-gnu/gcc-bin/3.4.6
/usr/lib rxi
/usr/libexec r
/usr/libexec/gcc r
/usr/libexec/gcc/i686-pc-linux-gnu r
/usr/libexec/gcc/i686-pc-linux-gnu/3.4.6
/usr/libexec/squid
/usr/local rw
/usr/lost+found
/usr/sbin
/usr/sbin/apache2 xi
/usr/sbin/logrotate xi
/usr/sbin/makewhatis rxi
/usr/share rw
/var r
/var/delta-webrsync
/var/empty
/var/lib r
/var/lib/boinc r
/var/lib/boinc/projects r
/var/lib/boinc/projects/lhcathome.cern.ch_lhcathome
/var/lib/gentoo r
/var/lib/gentoo/news
/var/lib/init.d r
/var/lib/init.d/mtime-test.8987 wcd
/var/lib/logrotate.status rw
/var/lib/mysql r
/var/lib/mysql/mysql
/var/lib/mysql/snort
/var/lib/mysql/test
/var/lib/ntop r
/var/lib/ntop/rrd r
/var/lib/ntop/rrd/graphics
/var/lib/php-pkg r
/var/lib/php-pkg/dev-lang r
/var/lib/php-pkg/dev-lang/php-5.2.10
/var/lib/samba r
/var/lib/samba/private
/var/lib/slocate w
/var/lib/slocate/slocate.db rwcd
/var/lib/slocate/slocate.db.stf rwcd
/var/lib/spool r
/var/lib/spool/prelude
/var/lock r
/var/lock/subsys r
/var/lock/subsys/psad
/var/log r
/var/log/Bastillerevert r
/var/log/Bastillerevert/backup r
/var/log/apache2 rwcd
/var/log/mysql
/var/log/portage r
/var/log/portage/elog
/var/log/samba r
/var/log/samba/cores r
/var/log/samba/cores/nmbd
/var/log/samba/cores/smbd
/var/log/snort r
/var/log/snort/archive
/var/log/squid
/var/lost+found
/var/state
/var/tmp
-CAP_ALL
+CAP_CHOWN
+CAP_DAC_OVERRIDE
+CAP_SETGID
+CAP_NET_ADMIN
bind disabled
connect disabled
}
subject /usr/bin/sarg-reports o {
/ h
/bin x
/dev h
/dev/tty rw
/dev/urandom r
/etc h
/etc/ld.so.cache r
/lib rx
/proc h
/proc/meminfo r
/usr h
/usr/bin/sarg-reports r
/usr/sbin/sarg x
/var h
/var/www/localhost/htdocs/sarg2
/var/www/localhost/htdocs/sarg2/index.html w
/root
/tmp wc
-CAP_ALL
bind disabled
connect disabled
}
subject /usr/bin/squeezer2.pl o {
/ h
/bin h
/bin/uname x
/dev h
/dev/urandom r
/lib rx
/usr h
/usr/bin h
/usr/bin/perl5.8.8 x
/usr/bin/squeezer2.pl r
/usr/lib r
/usr/local h
/usr/local/lib
/var h
/var/log/squid r
/etc
/etc/ld.so.cache r
/etc/localtime r
/etc/squid/squid.conf r
/etc/grsec h
/etc/ssh h
/etc/passwd h
/etc/shadow h
/etc/shadow- h
/etc/gshadow h
/etc/gshadow- h
/etc/ppp/chap-secrets h
/etc/ppp/pap-secrets h
/etc/samba/smbpasswd h
/proc
/proc/kcore h
/proc/sys h
/proc/bus h
/root
-CAP_ALL
+CAP_DAC_OVERRIDE
bind disabled
connect disabled
}
subject /usr/bin/webalizer o {
/ h
/dev h
/dev/urandom r
/etc r
/etc/grsec h
/etc/ssh h
/etc/passwd h
/etc/shadow h
/etc/shadow- h
/etc/gshadow h
/etc/gshadow- h
/etc/ppp/chap-secrets h
/etc/ppp/pap-secrets h
/etc/samba/smbpasswd h
/lib rx
/proc h
/proc/meminfo r
/proc/stat r
/usr h
/usr/bin h
/usr/bin/webalizer x
/usr/lib rx
/var h
/var/log h
/var/log/apache2/ssl_access_log r
/var/log/squid/access.log r
/var/www h
/var/www/localhost/htdocs/apache2 rw
/var/www/localhost/htdocs/webalizer rw
/var/run
/var/tmp
-CAP_ALL
+CAP_DAC_OVERRIDE
bind 0.0.0.0/32:0 dgram ip
connect 192.168.1.2/32:53 dgram udp
}
subject /usr/sbin/apache2 o {
user_transition_allow apache
group_transition_allow apache
/ h
/dev h
/dev/urandom r
/lib h
/lib/libncurses.so.5.6 rx
/lib/libreadline.so.5.2 rx
/lib/libresolv-2.9.so rx
/proc h
/proc/sys/kernel/ngroups_max r
/usr h
/usr/lib rx
/usr/share r
/var h
/var/lib/net-snmp
/var/log/apache2 a
/var/run
/var/run/apache2.pid w
/var/www/localhost/htdocs
/etc r
/etc/grsec h
/etc/ssh h
/etc/shadow h
/etc/shadow- h
/etc/gshadow h
/etc/gshadow- h
/etc/ppp/chap-secrets h
/etc/ppp/pap-secrets h
/etc/samba/smbpasswd h
/root
-CAP_ALL
+CAP_KILL
+CAP_SETGID
+CAP_SETUID
+CAP_NET_ADMIN
bind disabled
connect 192.168.171.128/32:443 stream tcp
}
subject /usr/sbin/cron o {
user_transition_allow root
group_transition_allow root
/
/bin h
/bin/bash x
/dev h
/dev/log rw
/etc r
/etc/grsec h
/etc/ssh h
/etc/shadow- h
/etc/gshadow h
/etc/gshadow- h
/etc/ppp/chap-secrets h
/etc/ppp/pap-secrets h
/etc/samba/smbpasswd h
/lib rx
/proc h
/proc/sys/kernel/ngroups_max r
/usr h
/usr/sbin/sendmail x
/var h
/var/run
/var/spool/cron/crontabs
/sys h
/boot h
-CAP_ALL
+CAP_SETGID
+CAP_SETUID
bind disabled
connect disabled
}
subject /usr/sbin/postdrop o {
/ h
/dev h
/dev/log rw
/dev/urandom r
/etc r
/etc/postfix h
/etc/postfix/main.cf r
/etc/grsec h
/etc/ssh h
/etc/shadow h
/etc/shadow- h
/etc/gshadow h
/etc/gshadow- h
/etc/ppp/chap-secrets h
/etc/ppp/pap-secrets h
/etc/samba/smbpasswd h
/lib rx
/usr h
/usr/lib rx
/usr/sbin h
/usr/sbin/postdrop x
/usr/share h
/usr/share/zoneinfo r
/var h
/var/run
/var/spool/postfix
/var/spool/postfix/maildrop rwcd
/var/spool/postfix/public/pickup w
-CAP_ALL
+CAP_NET_ADMIN
bind disabled
connect disabled
}
subject /usr/sbin/sarg o {
/ h
/bin h
/bin/bash x
/dev h
/dev/urandom r
/etc r
/etc/grsec h
/etc/ssh h
/etc/passwd h
/etc/shadow h
/etc/shadow- h
/etc/gshadow h
/etc/gshadow- h
/etc/ppp/chap-secrets h
/etc/ppp/pap-secrets h
/etc/samba/smbpasswd h
/lib rx
/usr h
/usr/lib rx
/usr/lib/gconv h
/usr/lib/gconv/ISO8859-1.so rx
/usr/lib/gconv/gconv-modules.cache r
/usr/sbin h
/usr/sbin/sarg x
/tmp rwcd
/var
/var/log/squid/access.log r
/var/www rwcd
-CAP_ALL
+CAP_DAC_OVERRIDE
+CAP_SYS_RESOURCE
bind 0.0.0.0/32:0 dgram ip
connect 192.168.1.2/32:53 dgram udp
}
subject /usr/sbin/sendmail o {
/ h
/dev h
/dev/log rw
/dev/urandom r
/etc r
/etc/postfix h
/etc/postfix/main.cf r
/etc/grsec h
/etc/ssh h
/etc/shadow h
/etc/shadow- h
/etc/gshadow h
/etc/gshadow- h
/etc/ppp/chap-secrets h
/etc/ppp/pap-secrets h
/etc/samba/smbpasswd h
/lib rx
/usr h
/usr/lib rx
/usr/sbin h
/usr/sbin/postdrop x
/usr/sbin/sendmail x
/var h
/var/run
/var/spool/postfix
-CAP_ALL
+CAP_NET_ADMIN
bind disabled
connect disabled
}
subject /usr/sbin/sshd o {
user_transition_allow root sshd
group_transition_allow root sshd
/
/bin h
/bin/bash x
/dev h
/dev/log rw
/dev/null rw
/dev/ptmx rw
/dev/pts rw
/dev/tty rw
/dev/urandom r
/etc r
/etc/grsec h
/etc/shadow- h
/etc/gshadow h
/etc/gshadow- h
/etc/ppp/chap-secrets h
/etc/ppp/pap-secrets h
/etc/samba/smbpasswd h
/usr h
/usr/lib
/usr/lib/libcrypto.so.0.9.8 rx
/usr/lib/libssl.so.0.9.8 rx
/usr/sbin/sshd x
/var h
/var/empty
/var/log
/var/log/faillog rw
/var/log/lastlog rw
/var/log/wtmp w
/var/run
/var/run/utmp rw
/var/spool/mail
/lib rx
/proc
/proc/sys/kernel/ngroups_max r
/proc/kcore h
/proc/bus h
/sys h
/boot h
-CAP_ALL
+CAP_SETGID
+CAP_SETUID
+CAP_NET_ADMIN
+CAP_SYS_CHROOT
+CAP_SYS_TTY_CONFIG
bind 0.0.0.0/32:22 stream dgram ip tcp
bind 0.0.0.0/32:0 stream dgram ip tcp
connect 0.0.0.0/32:22 dgram udp
}
subject /usr/sbin/syslog-ng o {
/ h
/etc/localtime
-CAP_ALL
+CAP_SYS_ADMIN
bind disabled
connect disabled
}
role squid u
role_allow_ip 0.0.0.0/0
subject / {
/ h
-CAP_ALL
bind disabled
connect disabled
}
subject /usr/sbin/squid o {
/ h
/var h
/var/cache rwcd
-CAP_ALL
bind 0.0.0.0/32:0 stream tcp
bind 192.168.171.128/32:3128 stream tcp
connect 0.0.0.0/0:80 stream dgram tcp udp
connect 0.0.0.0/0:53 stream dgram tcp udp
}
role nobody u
role_allow_ip 192.168.171.1/32
subject / {
/ h
-CAP_ALL
bind 0.0.0.0/32:0-65535 dgram ip udp
connect 0.0.0.0/0:1024-65535 dgram udp
connect 0.0.0.0/0:53 dgram udp
# bind disabled
# connect disabled
}
subject /usr/sbin/dnsmasq o {
/ h
/etc/localtime
/etc/resolv.conf
-CAP_ALL
bind 0.0.0.0/32:0-65535 dgram ip udp
connect 0.0.0.0/0:1024-65535 dgram udp
connect 0.0.0.0/0:53 dgram udp
}
role arpwatch u
role_allow_ip 192.168.171.1/32
subject / {
/ h
-CAP_ALL
bind disabled
connect disabled
}
subject /usr/sbin/arpwatch o {
/ h
/var/lib/arpwatch
/var/lib/arpwatch/eth1.dat rwcd
/var/lib/arpwatch/eth1.dat- rwcd
/var/lib/arpwatch/eth1.dat.new rwcd
-CAP_ALL
bind disabled
connect disabled
}
role sshd u
subject / {
/ h
-CAP_ALL
bind disabled
connect disabled
}
role apache u
role_allow_ip 192.168.171.1/32
subject / {
/ h
-CAP_ALL
bind disabled
connect disabled
}
subject /usr/sbin/apache2 o {
/ h
-CAP_ALL
bind 192.168.171.128/32:443 stream tcp
connect disabled
}
- xperience
- Posts: 12
- Joined: Wed Sep 12, 2007 3:42 pm
Re: learning mode and inheritance
by spender » Thu Sep 10, 2009 8:28 am
Have you tried removing this line:
role_allow_ip 192.168.171.1/32
The same for any other role that isn't working properly for you.
-Brad
role_allow_ip 192.168.171.1/32
The same for any other role that isn't working properly for you.
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
Re: learning mode and inheritance
by xperience » Thu Sep 10, 2009 9:02 am
Ok that solved problem, but that lines were generated by grlearn, why are they generated, I didn't start any of services from ssh terminal, just enabled grsecurity from ssh.
- xperience
- Posts: 12
- Joined: Wed Sep 12, 2007 3:42 pm
Re: learning mode and inheritance
by spender » Thu Sep 10, 2009 10:13 am
You likely didn't exercise the learning mode for long enough (so it was only able to learn that the only IP tagged with nobody role was the one in your policy). The learning mode has reduction system in place, so it will initially mark roles as only being allowed by specific IPs if only a few use a given role. It will reduce this further to subnets if it observes multiple IPs from a given subnet. Going further, if it sees a decent number of IPs from multiple subnets it will reduce to allowing any IP for that role (causing the role_allow_ip line to be removed).
-Brad
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
Re: learning mode and inheritance
by xperience » Thu Sep 10, 2009 11:11 am
Only one month 
... but there is only one ip from ssh is accessed.
... but there is only one ip from ssh is accessed.- xperience
- Posts: 12
- Joined: Wed Sep 12, 2007 3:42 pm
Re: learning mode and inheritance
by spender » Thu Sep 10, 2009 12:52 pm
Was dnsmasq ever restarted during that time? I'm guessing it wasn't, and so had the IP tagged to it the entire time. Then some time after learning was over, dnsmasq was restarted (for the security update) and had its IP cleared, which caused the denials. Which other roles did you have problems with?
-Brad
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
Re: learning mode and inheritance
by xperience » Thu Sep 10, 2009 1:02 pm
Geee....all services Restarts are made only when updating, updating is without net and without grsecurity enabled.
Restarts are made only when updating, updating is without net and without grsecurity enabled.- xperience
- Posts: 12
- Joined: Wed Sep 12, 2007 3:42 pm
13 posts
• Page 1 of 1