full learning hangs
Posted: Mon Nov 01, 2004 1:47 pmHi there,
I've got the following problem: After having run gradm in full learning mode for two days, I tried to pass the log over to the policy file, but at a certain point, the process appears to hang (I waited for several minutes). I don't even think I have used 'find' during the learning period.
The system is used as a webserver only.
Thanx in advance,
Thomas
P.S.: The size of learning.log is about 25 MBs
I've got the following problem: After having run gradm in full learning mode for two days, I tried to pass the log over to the policy file, but at a certain point, the process appears to hang (I waited for several minutes). I don't even think I have used 'find' during the learning period.
The system is used as a webserver only.
Thanx in advance,
Thomas
root@www:/ # gradm -F -L /etc/grsec/learning.log -O /etc/grsec/policy
Beginning full learning 1st pass...done.
Beginning full learning role reduction...done.
Beginning full learning 2nd pass...done.
Beginning full learning subject reduction for user root...done.
Beginning full learning subject reduction for user http://www...done.
Beginning full learning subject reduction for user mail...done.
Beginning full learning subject reduction for user thomas...done.
Beginning full learning subject reduction for user www-data...done.
Beginning full learning subject reduction for user absolutelynobody...done.
Beginning full learning subject reduction for user mysql...done.
Beginning full learning subject reduction for user nobody...done.
Beginning full learning subject reduction for user man...done.
Beginning full learning 3rd pass...done.
Beginning full learning object reduction for subject /...done.
Beginning full learning object reduction for subject /bin/bash...done.
Beginning full learning object reduction for subject /bin/chgrp...done.
Beginning full learning object reduction for subject /bin/chmod...done.
Beginning full learning object reduction for subject /bin/chown...done.
Beginning full learning object reduction for subject /bin/cp...done.
Beginning full learning object reduction for subject /bin/gzip...done.
Beginning full learning object reduction for subject /bin/ln...done.
Beginning full learning object reduction for subject /bin/ls...done.
Beginning full learning object reduction for subject /bin/mv...done.
Beginning full learning object reduction for subject /bin/rm...done.
Beginning full learning object reduction for subject /bin/su...done.
Beginning full learning object reduction for subject /bin/touch...done.
Beginning full learning object reduction for subject /etc/cron.daily/exim...done.
Beginning full learning object reduction for subject /etc/cron.daily/standard...done.
Beginning full learning object reduction for subject /sbin/insmod...done.
Beginning full learning object reduction for subject /sbin/start-stop-daemon...done.
Beginning full learning object reduction for subject /sbin/syslogd...done.
Beginning full learning object reduction for subject /usr/bin/find...
P.S.: The size of learning.log is about 25 MBs