| 1 |
Hello, |
| 2 |
|
| 3 |
I was having problems with gradm and grsecurity2 until solar hooked me |
| 4 |
up with some docs he is working on. I found the learning modes quite |
| 5 |
helpful, but when I issued this command: |
| 6 |
|
| 7 |
gradm -F -L /etc/grsec/learning.log -O /etc/grsec/learning.roles |
| 8 |
|
| 9 |
I got a bunch of successful looking responses. I still couldn't gradm |
| 10 |
-E because I had no /etc/grsec/acl. So I: |
| 11 |
|
| 12 |
gradm -F -L /etc/grsec/learning.log -O /etc/grsec/acl |
| 13 |
|
| 14 |
This allowed me to gradm -E, but it disabled EVERYTHING! I rebooted and |
| 15 |
thankfully it wasn't part of my booting process yet! I intelligently |
| 16 |
took a look at what /etc/grsec/acl looked like AFTER I tried using |
| 17 |
it... duh, and found there were a lot of IP address related information |
| 18 |
in there. Since I'm going to be changing the IP #'s tomorrow, I'm going |
| 19 |
to: |
| 20 |
|
| 21 |
gradm -F -L /etc/grsec/learning.log |
| 22 |
|
| 23 |
again, and let it run for longer this time, so the system knows I want |
| 24 |
to be able to ssh in, su to root, use nano, and a couple other things. |
| 25 |
I'll report back again when I'm getting there. I'm wondering how long |
| 26 |
it should run - perhaps a couple of weeks to be fully trained? Then I |
| 27 |
will again try: |
| 28 |
|
| 29 |
gradm -F -L /etc/grsec/learning.log -O /etc/grsec/acl |
| 30 |
|
| 31 |
and |
| 32 |
|
| 33 |
gradm -E |
| 34 |
|
| 35 |
and will report back on my efforts. If successful, then I'll try and |
| 36 |
see if I can get gradm -E to initialize on start up. |
| 37 |
|
| 38 |
Thanks! |
| 39 |
|
| 40 |
Al |
| 41 |
|
| 42 |
|
| 43 |
-- |
| 44 |
gentoo-hardened@g.o mailing list |
Archives