a deny while in full learn mode?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

a deny while in full learn mode?

Postby peetaur » Sun Oct 26, 2014 4:22 pm

how weird ... a deny while in full learn mode?

Code: Select all
# sort -u learning.log > learning.log.uniq
# wc -l learning.log.uniq
4799481 learning.log.uniq

# gradm -F -L learning.log -O policy     
Unable to open learning log: /etc/grsec/learning/learning.log.
Error: No such file or directory

# dmesg -T | tail
[Sun Oct 26 21:06:44 2014] grsec: (default:D:/sbin/gradm) denied access to hidden file /etc/grsec/learning/learning.log by /sbin/gradm[gradm:15533] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/strace[strace:15530] uid/euid:0/0 gid/egid:0/0


I can read the file with other things (some python I wrote, or uniq, or sort, etc.), but not gradm :D


And I had to run "gradm -D" twice to disable it.

Code: Select all
# gradm -D
Password:

# time gradm -F -L learning.log.uniq -O policy     
Unable to open learning log: /etc/grsec/learning/learning.log.uniq.
Error: No such file or directory

# gradm -D
Password:

# gradm -D
The operation you requested cannot be performed because the RBAC system is currently disabled.

# time gradm -F -L learning.log.uniq -O policy
Beginning full learning 1st pass...done.
Beginning full learning role reduction...done.
[...]


Code: Select all
[Sun Oct 26 21:06:25 2014] grsec: shutdown auth success for /sbin/gradm[gradm:15515] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14654] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:06:25 2014] grsec: (default:D:/sbin/gradm) grsecurity 3.0 RBAC system loaded by /sbin/gradm[gradm:15520] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/pm-grsec[pm-grsec:15518] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:06:30 2014] grsec: (default:D:/sbin/gradm) denied access to hidden file /etc/grsec/learning/learning.log.uniq by /sbin/gradm[gradm:15526] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14654] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:06:33 2014] grsec: (default:D:/sbin/gradm) denied access to hidden file /etc/grsec/learning/learning.log by /sbin/gradm[gradm:15527] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14654] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:06:39 2014] grsec: (default:D:/sbin/gradm) denied access to hidden file /etc/grsec/learning/learning.log by /sbin/gradm[gradm:15528] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14654] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:06:44 2014] grsec: (default:D:/sbin/gradm) denied access to hidden file /etc/grsec/learning/learning.log by /sbin/gradm[gradm:15533] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/strace[strace:15530] uid/euid:0/0 gid/egid:0/0
[Sun Oct 26 21:08:24 2014] grsec: shutdown auth success for /sbin/gradm[gradm:15574] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14654] uid/euid:0/0 gid/egid:0/0
peetaur
 
Posts: 23
Joined: Sat Oct 04, 2014 3:26 pm

Return to grsecurity support

cron