I'm a newbie in grsec.
I have now spent some time building a policy, starting by adding subject "i" on roles and subjects (no learning with "l") after doing a full learn and parsing the policy file.
I want to ask if this is the correct method and the right way of building a policy from the beginning.
My policy now has a lot of entries in the default role.
My other way of building a policy before was checking for errors in /var/log/kern.log too, but adding e.g. exim4 (if it was listed in kern.log) as an additional subject in the policy file, doing a learning with "l" afterwards, and parsing the logs with -O. I ended up with a SEG FAULT error with gradm -E. So I tried it with "i" only, as described above.
Code:
role admin sA
subject / r
/ rwcdmlxi
role default
subject / o {
user_transition_allow nobody man
group_transition_allow nogroup man
user_transition_allow www-data
group_transition_allow www-data
group_transition_allow Debian-exim nogroup man www-data
/ h
/bin x
/boot
/cdrom
/dev
/dev/null rw
/dev/urandom r
/dev/pts rw
/dev/shm
/dev/tty rw
/dev/mem h
/dev/kmem h
/dev/port h
blablabla ....
Question: is this kind of policy trash? I think it's not a good idea to have so many entries in the default role?
Grsec 2.6.10
Debian Sarge
gradm v2.1.0