Grsecurity works like a charm on Debian Sarge, very easy to install.I have only one nagging mesage i would like to get rid of.
Use of CAP_SYS_ADMIN denied for /sbin/klogd [klogd: 22100]
parent of /sbin/init.
Grsecurity works like a charm ,only one nagging mesage
6 posts
• Page 1 of 1
Grsecurity works like a charm ,only one nagging mesage
by Jophn Deo » Wed Oct 13, 2004 2:50 pm
- Jophn Deo
- Posts: 2
- Joined: Wed Oct 13, 2004 2:45 pm
by reedbeat » Thu Dec 09, 2004 11:11 am
Would be nice if you could post your solution for this.
Got the same error pointing to klogd after finishing full learning mode.
Tried to add /sbin/klogd x to /etc/grsec/acl, nothing happened:
Debian Sarge, Kernel 2.6.7 , Gradm 2.01
Got the same error pointing to klogd after finishing full learning mode.
- Code: Select all
gradm -E
- Code: Select all
grsec: (default:D:/) use of CAP_SYS_ADMIN denied for /sbin/klogd [klogd:3055] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: more alerts, logging disabled for 10 seconds
Tried to add /sbin/klogd x to /etc/grsec/acl, nothing happened:
- Code: Select all
subject /sbin/klogd o {
/ h
/sbin/klogd x
-CAP_ALL
+CAP_SYS_ADMIN
bind disabled
connect disabled
}
- Code: Select all
gradm -a admin
Passwort:
gradm -R
Debian Sarge, Kernel 2.6.7 , Gradm 2.01
- reedbeat
- Posts: 2
- Joined: Thu Dec 09, 2004 11:03 am
by Hue-Bond » Mon Dec 13, 2004 4:36 pm
>grsec: (default:D:/) use of CAP_SYS_ADMIN denied for /sbin/klogd
>[klogd:3055] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0
>gid/egid:0/0
>grsec: more alerts, logging disabled for 10 seconds
>
>Tried to add /sbin/klogd x to /etc/grsec/acl, nothing happened:
>
>subject /sbin/klogd o {
> / h
> /sbin/klogd x
> -CAP_ALL
> +CAP_SYS_ADMIN
> bind disabled
> connect disabled
>}
Note the "(default:D:/)" text that appears at the log message. That means that klogd is not executing under its subject, but under default role, default subject. Perhaps you have to adjust something. Better use the learning system by appending an "l" (letter l, not number 1) to the "o" after the path of klogd.
(How does one use this stupid phpbb quoting system?).
>[klogd:3055] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0
>gid/egid:0/0
>grsec: more alerts, logging disabled for 10 seconds
>
>Tried to add /sbin/klogd x to /etc/grsec/acl, nothing happened:
>
>subject /sbin/klogd o {
> / h
> /sbin/klogd x
> -CAP_ALL
> +CAP_SYS_ADMIN
> bind disabled
> connect disabled
>}
Note the "(default:D:/)" text that appears at the log message. That means that klogd is not executing under its subject, but under default role, default subject. Perhaps you have to adjust something. Better use the learning system by appending an "l" (letter l, not number 1) to the "o" after the path of klogd.
(How does one use this stupid phpbb quoting system?).
- Hue-Bond
- Posts: 34
- Joined: Mon Dec 13, 2004 4:31 pm
6 posts
• Page 1 of 1