1 |
Hello, |
2 |
|
3 |
I was having problems with gradm and grsecurity2 until solar hooked me |
4 |
up with some docs he is working on. I found the learning modes quite |
5 |
helpful, but when I issued this command: |
6 |
|
7 |
gradm -F -L /etc/grsec/learning.log -O /etc/grsec/learning.roles |
8 |
|
9 |
I got a bunch of successful looking responses. I still couldn't gradm |
10 |
-E because I had no /etc/grsec/acl. So I: |
11 |
|
12 |
gradm -F -L /etc/grsec/learning.log -O /etc/grsec/acl |
13 |
|
14 |
This allowed me to gradm -E, but it disabled EVERYTHING! I rebooted and |
15 |
thankfully it wasn't part of my booting process yet! I intelligently |
16 |
took a look at what /etc/grsec/acl looked like AFTER I tried using |
17 |
it... duh, and found there were a lot of IP address related information |
18 |
in there. Since I'm going to be changing the IP #'s tomorrow, I'm going |
19 |
to: |
20 |
|
21 |
gradm -F -L /etc/grsec/learning.log |
22 |
|
23 |
again, and let it run for longer this time, so the system knows I want |
24 |
to be able to ssh in, su to root, use nano, and a couple other things. |
25 |
I'll report back again when I'm getting there. I'm wondering how long |
26 |
it should run - perhaps a couple of weeks to be fully trained? Then I |
27 |
will again try: |
28 |
|
29 |
gradm -F -L /etc/grsec/learning.log -O /etc/grsec/acl |
30 |
|
31 |
and |
32 |
|
33 |
gradm -E |
34 |
|
35 |
and will report back on my efforts. If successful, then I'll try and |
36 |
see if I can get gradm -E to initialize on start up. |
37 |
|
38 |
Thanks! |
39 |
|
40 |
Al |
41 |
|
42 |
|
43 |
-- |
44 |
gentoo-hardened@g.o mailing list |