grsecurity2 learning mode.


Post by stone » Fri Apr 23, 2004 8:59 am

Hi Guys!

I'm fiddling around with grsecurity (have been running LIDS/SELinux/RSBAC before). But I can't get the learning mode to work. This is what I have done.
First the default "acl"
Then added this at the bottom of the file:
Code:
subject /bin/ping lo {
    / h
    -CAP_ALL
}


Then:
Code:
# gradm -E
# ping ...
# ping ...
# ping ...
# gradm -D
# gradm -L -O /etc/grsec/acl


But it's not working.
I have tested the full learning mode and that works.
Am I missing something here?
stone
 
Posts: 2
Joined: Fri Apr 23, 2004 8:52 am

Post by sekko » Fri Apr 23, 2004 10:14 am

You did it wrong. You have to do:

# gradm -L /root/ping-learn.log -E
# ping ...
# ping ...
# ping ...
# gradm -D
# gradm -L -O /root/ping-acl

Then you'll have ping's ACL in /root/ping-acl. You can then check the new ACL and put it in /etc/grsec/acl

Claudio
sekko
 
Posts: 13
Joined: Mon Apr 05, 2004 5:52 am

Post by stone » Sun Apr 25, 2004 3:31 pm

After doing gradm -L /root/ping-learn.log -E, the file /root/ping-learn.log is zero bytes. :-?
stone
 
Posts: 2
Joined: Fri Apr 23, 2004 8:52 am

Post by sekko » Mon Apr 26, 2004 9:44 am

I used:

subject /bin/ping lo {
    / h
    -CAP_ALL
    bind disabled
    connect disabled
}

And it worked here...
sekko
 
Posts: 13
Joined: Mon Apr 05, 2004 5:52 am
