Issues in"Kernel Auditing" at 2.4.27 + grsecurity-

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Issues in"Kernel Auditing" at 2.4.27 + grsecurity-

Postby Stev » Thu Aug 19, 2004 7:21 am

Hi,

i'm trying to enable Kernel Auditing at two i586 Boxen running
linux-2.4.27 + grsecurity-2.0.1-2.4.27.
I enabled everything important for me, problem is that nothing is
getting logged. It makes no difference if i nail it on a special GID or
if i set it to globally logging.

The Distros used are once Debian 3.0, the other Box is SuSE 9.0

The interresting parts of my kernel .config looks like this:
(i use same .config on both boxen)

#
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
CONFIG_GRKERNSEC_EXECLOG=y
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
CONFIG_GRKERNSEC_AUDIT_CHDIR=y
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
(If you need any more Information please let me know)

Can anyone confirm this problem and/or has a workaround/patch
so i t finally works ? :)

Regards,
Stev
Stev
 
Posts: 2
Joined: Thu Aug 19, 2004 7:07 am

Postby torne » Thu Aug 19, 2004 8:37 am

If you have sysctl support enabled for grsecurity, then all non-PaX options are off by default until enabled in /proc/sys/kernel/grsecurity, including the auditing options.
torne
 
Posts: 54
Joined: Mon Aug 12, 2002 12:52 pm

Postby Stev » Thu Aug 19, 2004 8:59 am

torne wrote:If you have sysctl support enabled for grsecurity, then all non-PaX options are off by default until enabled in /proc/sys/kernel/grsecurity, including the auditing options.


Oh, a quick "sysctl -w kernel/grsecurity/exec_logging=1" fixed it indeed.
Thanks alot for the fast response! :-)

Regards,
Stefv
Stev
 
Posts: 2
Joined: Thu Aug 19, 2004 7:07 am


Return to grsecurity support