problem with grsec2 logs (not the learning logs)

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

Postby adderek » Tue Mar 09, 2004 8:25 am

Syslog logs every denial of grsec. It worked for me for a long time. After /var/log/syslog got to 199kB I received the following messages in /var/log/syslog:


grsec: denied unlink of /var/log/daemon.log.3.gz by /bin/rm[rm:18216] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: denied rename of /var/log/daemon.log.2.gz to /var/log/daemon.log.3.gz by /bin/mv[mv:18978] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: denied unlink of /var/log/daemon.log.3.gz by /bin/mv[mv:18978] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: denied rename of /var/log/daemon.log.1.gz to /var/log/daemon.log.2.gz by /bin/mv[mv:29913] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: denied unlink of /var/log/daemon.log.2.gz by /bin/mv[mv:29913] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: more alerts, logging disabled for 10 seconds

and then syslogd stopped logging.

My questions are:
1. can anybody tell me what to do to make that 'savelog' work fine?
2. is there a possibility to save everything that is denied by syslog for anything (for programs that are not listed in /etc/grsec/acl)?

thanks in advance and regards from Poland :)
adderek
 
Posts: 1
Joined: Tue Mar 09, 2004 8:18 am
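
The denial lines quoted in the post above follow a regular format. As an added example (not part of the original post), the parser below groups them by parent process to show which operations on which paths were denied, and counts the rate-limit notices that mean further denials were never logged. The regular expressions and function names are assumptions derived only from the lines shown in the post.

```python
import re
from collections import defaultdict

# Lines copied from the post above: two denials plus the rate-limit notice.
SAMPLE = """\
grsec: denied unlink of /var/log/daemon.log.3.gz by /bin/rm[rm:18216] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: denied rename of /var/log/daemon.log.2.gz to /var/log/daemon.log.3.gz by /bin/mv[mv:18978] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: more alerts, logging disabled for 10 seconds
"""

# One "path[comm:pid] uid/euid:U/E gid/egid:G/E" process description.
# The {0} prefix separates the acting process from its parent.
PROC = (r"(?P<{0}path>\S+)\[(?P<{0}comm>[^:\]]+):(?P<{0}pid>\d+)\] "
        r"uid/euid:(?P<{0}uid>\d+)/(?P<{0}euid>\d+) gid/egid:\d+/\d+")

# Assumption: paths contain no whitespace, as in the lines on this page.
DENIED = re.compile(
    r"grsec: denied (?P<op>\w+) of (?P<src>\S+)(?: to (?P<dst>\S+))? by "
    + PROC.format("") + ", parent " + PROC.format("p"))
SUPPRESSED = re.compile(r"grsec: more alerts, logging disabled for (\d+) seconds")


def summarize(text):
    """Return (needs, suppressed, unparsed).

    needs      parent executable -> set of (executable, operation, object path)
    suppressed number of rate-limit notices; > 0 means the summary is incomplete
    unparsed   grsec lines this parser did not recognise
    """
    needs = defaultdict(set)
    suppressed = 0
    unparsed = []
    for line in text.splitlines():
        if "grsec:" not in line:
            continue
        m = DENIED.search(line)
        if m:
            # A rename touches both the source and the destination path.
            for obj in filter(None, (m["src"], m["dst"])):
                needs[m["ppath"]].add((m["path"], m["op"], obj))
        elif SUPPRESSED.search(line):
            suppressed += 1
        else:
            unparsed.append(line)
    return needs, suppressed, unparsed


if __name__ == "__main__":
    needs, suppressed, unparsed = summarize(SAMPLE)
    for parent, entries in needs.items():
        print(parent)
        for exe, op, obj in sorted(entries):
            print(f"  {exe:8} {op:7} {obj}")
    print(f"rate-limit notices: {suppressed}, unparsed lines: {len(unparsed)}")
```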
