Page 1 of 1

[Solved] Problem with policy generated from learning mode

PostPosted: Fri May 09, 2014 5:33 pm
by countermode
Hello,

I am using gradm 3.0 with kernel 3.13.6 (specifically, Gentoo 3.13.6-hardened-r3). I experience very odd behavior. On a remote machine I entered full learning mode, ssh-ed to the machine a couple of times on several accounts, deactivated RBAC and generated a policy from the learning logs. Then I activated RBAC, but something is wrong: when I ssh to the machine, I get the shell prompt and that's it - I cannot enter anything, I cannot even terminate the session with ".~" as usual. However, any ssh session that was opened before activating RBAC continues to work fine. Even more amazing: when I deactivate RBAC, the ssh sessions remain stuck - the terminal is completely dead. However, when I terminate the ssh session locally using kill, then everything that I typed into the session is executed locally.

Any suggestions?

Here it is:

The learner adds
bind disabled
connect disabled

for sshd, which is wrong. It should be
bind 0.0.0.0/32:22 stream tcp
connect disabled