Page 1 of 1

Learning mode's policy is insufficient

PostPosted: Mon Apr 24, 2006 11:12 pm
by emostar
Hello, I've been working on getting a policy that works for me. Perhaps I'm missing something important though. I've had some problems with gradm creating a good policy to work with. For example, I set the policy to be most restrictive and then start gradm in full learning mode. I refresh a browser window of one of my websites on the server. I disable gradm, then create a policy. I add the policy to my existing one, start gradm and try to view my webpage again, but it fails.

I don't have the logs at the moment (I'm at work), but was just wondering if anyone knew what I could be doing wrong..

Thanks!

Jon

PostPosted: Thu Apr 27, 2006 5:47 am
by emostar
Well, I found the root of my problems...

in my httpd.conf the setting was for it to run as User nobody and Group #-1
So, in the learning log, the GID was 0xFFFFFFFF and would not be shown in the policy that -O creates.

I modified the httpd.conf file to set the Group to nobody and then it fixed the issues I have... now time to work on getting a solid policy built!

Jon

Re: Learning mode's policy is insufficient

PostPosted: Wed Sep 03, 2008 4:00 am
by taheria
Did you ever build out a solid web policy that you would be willing to share ?