When I created the learning mode for /usr/sbin/httpd, it didn't log the writing of /var/run/httpd.pid (in redhat). Further, /etc/rc.d/init.d/httpd called logging functions (initlog) that creates errors
This should be due to improper ACL config on my part
Hopefully I can configure the / subject more properly.
With the ACL not enabled, does it protect chrooted services? For example, does it protect chrooted apache so that it would not be able to do a 2nd chroot (breaking out of chroot)? Do I have to set anything at the /proc fs for that?
I'm learning grsec too and trying to create ACLs for my redhat services.