ident-server problem

Discuss and suggest new grsecurity features

ident-server problem

Postby OndRkee » Wed Apr 09, 2003 10:25 am

Hi!
A friend of me updated my kernel and installed grsec. at the same time. Since that day, I cant seem to get my ident-server (oidentd) to work.. is there some reason it wouldnt work due to some grsec. config?
if so, how can I fix it?
OndRkee
 
Posts: 2
Joined: Wed Apr 09, 2003 10:21 am

Re: ident-server problem

Postby PaX Team » Wed Apr 09, 2003 1:00 pm

OndRkee wrote:Since that day, I cant seem to get my ident-server (oidentd) to work.. is there some reason it wouldnt work due to some grsec. config?
this is a rather vague description, can you be more specific? also, can you look at your syslogs and see if there's anything logged by PaX or grsec?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby OndRkee » Wed Apr 09, 2003 5:07 pm

when I try to connecte to an irc-server, this appears in the syslog:
Apr 9 23:59:51 localhost oidentd[10693]: Connection from irc.banetele.no (213.239.111.2):0
Apr 9 23:59:51 localhost oidentd[10693]: [irc.banetele.no] 33705 , 6667 : ERROR : NO-USER

the reason I "suspect" grsec. to be the reason of this error, is that this install is a 99% match of my old box, except that this kernel is patched with grsec.
Unfortiunable the dude who did it for me is gone for some days, so I cant get help from he atm..
OndRkee
 
Posts: 2
Joined: Wed Apr 09, 2003 10:21 am

Postby solar » Wed Apr 09, 2003 7:33 pm

Whats happening is your oidentd is running as user nobody or some user that nolonger has permisison to read /proc/net/dev

What I do to get oidnetd working is I create a user,group for proc
groupadd -g 75 proc
useradd -s /bin/false -d /proc -u 75 proc
passwd -l proc
I then edit my /etc/fstab from
-- default --
proc /proc proc defaults 0 0
-- pimp --
proc /proc proc defaults,uid=75,gid=75 0 0

Option: edit your /etc/oidentd.conf

# you may want to hide root connections
user "root" {
default {
force reply "UNKNOWN"
}
}

user "proc" {
default {
force reply "auth"
}
}
---------------
Oh and make sure you start your oidentd as user proc
oidentd -u proc -g proc -p 113 -r unknown
solar
 
Posts: 2
Joined: Tue Apr 08, 2003 10:38 am

Postby erce » Sat Sep 13, 2003 11:52 pm

If you neabled proc limitations, try setting the group uder which the ident daemon runs to the group to which you limited access to the /proc filesystem.
For me this works with identd.
erce
 
Posts: 3
Joined: Sat Sep 13, 2003 11:27 pm


Return to grsecurity development

cron