learning mode - 2.0rc3, can't create per subject acls?


Post by darko » Thu Sep 18, 2003 3:17 pm

Hi all!
I'm having problems while trying to create some subject acls.

My "acl" file is the standard one (with some extra restrictions) and at the end (still in the default acl) I have this block:

subject /usr/sbin/sshd lo
/ h
-CAP_ALL
connect disabled
bind disabled

I enable the ACL system with gradm -L /tmp/sshd -E

I start/stop the sshd service, log in, log out, etc, etc...
I can see the /tmp/sshd file size is increasing and its contents seem "right":

(...)
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/sshd_config 16 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/sshd_config 17 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/ssh_host_rsa_key 16 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/ssh_host_rsa_key 17 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/ssh_host_dsa_key 16 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1
(...)

All seems fine here.
Now my problem:

I try to create the acl from the learning logs using
gradm -L /tmp/sshd -O /tmp/sshd-rules

gradm doesn't give me any warnings or errors but /tmp/sshd-rules is empty.

What is happening?
I'm probably not doing something right or missing something :/

Thanks in advance,
João P.
darko
 
Posts: 9
Joined: Thu Jun 12, 2003 8:22 am

Post by spender » Thu Sep 18, 2003 8:30 pm

Can you mail your ACL and learning log to spender@grsecurity.net ? I'll take a look at it on my machine.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Post by darko » Sat Sep 20, 2003 9:49 am

Hi Brad.
I updated gradm to the current cvs version and until now all seems to be working fine, sorry for the hassle.
I should have done this sooner...

Thanks for the help,
João

