| 1 |
brant williams schrieb: |
| 2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 3 |
> Hash: SHA256 |
| 4 |
> |
| 5 |
> |
| 6 |
> Hallo, Markus! Wie geht's dir? |
| 7 |
> |
| 8 |
> The first place I'd look is in the syslog, while attempting to stop the |
| 9 |
> service... also, the output of `dmesg` might show something that you |
| 10 |
> missed... I'm not sure which system logger you use, but with the |
| 11 |
> "hardened" USE flag enabled, syslog-ng's default config will split the |
| 12 |
> logs into multiple files for various facilities (auth.log, kern.log, |
| 13 |
> mail.log, etc). |
| 14 |
> |
| 15 |
> Which dhcp client are you using? I've never run it in a chroot and |
| 16 |
> would like to try and duplicate your issue. I just installed |
| 17 |
> "net-misc/dhcpcd" on my grsec box, but do not see a way to run it |
| 18 |
> chrooted. Can you share your configuration/installation steps? |
| 19 |
> |
| 20 |
> Tschuess! |
| 21 |
> |
| 22 |
> |
| 23 |
> brant williams |
| 24 |
> FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002 |
| 25 |
> |
| 26 |
> |
| 27 |
> |
| 28 |
> On Wed, 8 Oct 2008, Markus Bartl wrote: |
| 29 |
> |
| 30 |
>> Date: Wed, 08 Oct 2008 14:45:54 +0200 |
| 31 |
>> From: Markus Bartl <hardened@××××××××××××××××.de> |
| 32 |
>> Reply-To: gentoo-hardened@l.g.o |
| 33 |
>> To: gentoo-hardened@l.g.o |
| 34 |
>> Subject: [gentoo-hardened] /etc/init.d/named stop hangs |
| 35 |
>> |
| 36 |
>> Hi there. |
| 37 |
>> |
| 38 |
>> I got the problem that stopping named hangs. |
| 39 |
>> Im using hardened-sources with grsec and pax enabled. |
| 40 |
>> grsec is enabled with server profile. kernel.grsecurity.chroot_caps is |
| 41 |
>> disabled to get dhcp running. |
| 42 |
>> SELinux and RBAC are disabled. |
| 43 |
>> The logfiles dont give any hint. |
| 44 |
>> Any idea would be helpful. |
| 45 |
>> |
| 46 |
>> Thanks in advance and many regards, |
| 47 |
>> Markus |
| 48 |
>> |
| 49 |
>> |
| 50 |
>> |
| 51 |
> -----BEGIN PGP SIGNATURE----- |
| 52 |
> Version: GnuPG v2.0.9 (GNU/Linux) |
| 53 |
> |
| 54 |
> iEYEAREIAAYFAkjs1g8ACgkQdCBnhE3rYALH1gCdFXE34cjqjiylbRn+CIp+PDMd |
| 55 |
> GucAoKZTw3t/p5Q2nGlWSw+VpERxfp/O |
| 56 |
> =gJqb |
| 57 |
> -----END PGP SIGNATURE----- |
| 58 |
> |
| 59 |
|
| 60 |
Hi Brant. |
| 61 |
As mentioned in another mail, I fixed the problem. |
| 62 |
rndc tried to open tcp port 965. |
| 63 |
Had to accept packages from "bad-guy" localhost in iptables. |
| 64 |
|
| 65 |
To my dhcp installation: You are running dhcpcd which is a dhcp-client. |
| 66 |
I dont know if you can run in chrooted (never looked). |
| 67 |
|
| 68 |
Ive installed net-misc/dhcp (dhcp server). You can define a |
| 69 |
chroot-directory in /etc/conf.d/dhcpd (DHCPD_CHROOT) and then run emerge |
| 70 |
--config dhcp. |
| 71 |
|
| 72 |
Servus. |
| 73 |
Markus |
Archives