| 1 |
Konstantin V. Arkhipov wrote:
|
| 2 |
|
| 3 |
>>Еще вопрос - никто не пробовал скрестить Grsecurity и Vserver? |
| 4 |
>> |
| 5 |
>> |
| 6 |
> |
| 7 |
>afair, это забросили в середине 2004го. впрочем, могу ошибаться. |
| 8 |
> |
| 9 |
> |
| 10 |
У-у-у-у...
|
| 11 |
Жаль...
|
| 12 |
|
| 13 |
Последний вопрос, понимаю что не в тему рассылки, но правда последний:
|
| 14 |
|
| 15 |
пытаюсь обучить gradm:
|
| 16 |
|
| 17 |
Выдержка из оффдоки:
|
| 18 |
|
| 19 |
Using the learning mode is very simple. All you have to do is add “l” to
|
| 20 |
the subject mode of the process, you want to enable learning for. Enable
|
| 21 |
the ACL system with gradm –E. Run the application(s) you enabled
|
| 22 |
learning mode for several times. This is important, since the learning
|
| 23 |
mode uses a threshold–based system to determine when access should be
|
| 24 |
given to a file or whether it should be given to a directory. If 4 or
|
| 25 |
more similar accesses are made in a single directory (such as writing to
|
| 26 |
several files in /tmp), access is granted to that directory instead of
|
| 27 |
the individual files. This reduces the amount of rules you have and
|
| 28 |
ensures that the application will work correctly after the final ACLs
|
| 29 |
are compiled.
|
| 30 |
Once you feel you’ve given the application the normal usage it would see
|
| 31 |
in real life, disable the ACL system with gradm -D (or alternatively, go
|
| 32 |
into admin mode with gradm -a), and use This will place the new learned
|
| 33 |
ACLs at the end of your ruleset. Simply remove the old ACLs and you’re
|
| 34 |
ready to go.
|
| 35 |
|
| 36 |
http://www.grsecurity.net/gracldoc.htm#Using_Gradm_and_the_Learning_Mode
|
| 37 |
|
| 38 |
Делаю все как написано - добавляю в /etc/grsec/policy:
|
| 39 |
|
| 40 |
subject /usr/sbin/metalog lo
|
| 41 |
/ h
|
| 42 |
-CAP_ALL
|
| 43 |
|
| 44 |
|
| 45 |
# gradm -E
|
| 46 |
# /usr/sbin/metalog
|
| 47 |
# gradm -D
|
| 48 |
# gradm -L -O /etc/grsec/acl
|
| 49 |
# cat /etc/grsec/acl
|
| 50 |
а там пусто...
|
| 51 |
|
| 52 |
???
|
| 53 |
|
| 54 |
Заранее спасибо!
|
| 55 |
--
|
| 56 |
gentoo-user-ru@g.o mailing list |
Archives