Hi
I am trying to run
GLPi on a hardened Gentoo VirtualBox VM.
I have tried to follow the links below
https://wiki.gentoo.org/wiki/Hardened_Gentoo
https://wiki.gentoo.org/wiki/Hardened/PaX_Quickstart
https://wiki.gentoo.org/wiki/Hardene...ty2_Quickstart
and things went pretty fine so far, I must admit.
But after putting RBAC through the learning mode and generating a policy, I am getting the following error when I do 'gradm -E'
Quote:
Viewing access is allowed by role root to /etc/grsec, the directory which stores RBAC policies and RBAC password information.
Warning: permission for symlink /lib64/libnss_dns.so.2 in role mysql, subject /usr/sbin/mysqld does not match that of its matching target object /lib64/libnss_dns-2.23.so. Symlink is specified on line 69 of /etc/grsec/policy.
There were 1 holes found in your RBAC configuration. These must be fixed before the RBAC system will be allowed to be enabled.
So I thought maybe line 69 needs tweaking...
It looked like this before editing
Quote:
57
58 # Role: mysql
59 subject /usr/sbin/mysqld o {
60 / h
61 /etc h
62 /etc/host.conf r
63 /etc/hosts r
64 /etc/ld.so.cache r
65 /etc/resolv.conf r
66 /lib64 h
67 /lib64/libnss_dns-2.23.so rx
68 /lib64/libnss_dns.so.2
69 /lib64/libresolv-2.23.so rx
70 /tmp rwcd
71 /var
72 /var/backups h
73 /var/lib rw
74 /var/log h
75 -CAP_ALL
76 bind 0.0.0.0/32:0 dgram ip
77 connect 8.8.8.8/32:53 dgram udp
78 }
79
80 role root uG
81 role_transitions admin shutdown
82 role_allow_ip 0.0.0.0/32
So I changed line 68 to this
Quote:
68 /lib64/libnss_dns.so.2 rx
Now I just get the following errors
Quote:
Viewing access is allowed by role root to /etc/grsec, the directory which stores RBAC policies and RBAC password information.
There were 1 holes found in your RBAC configuration. These must be fixed before the RBAC system will be allowed to be enabled.
Any ideas where I messed up?
Thanks
Emon
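
The rule stated in the gradm warning above (a symlink object must carry the same permission as its target object) can be pre-checked offline. The following is an added example, not part of the original post and not gradm's own code: the policy text is an abridged copy of the mysqld subject from the post, the symlink map is an assumption taken from the warning, and only objects listed explicitly in the subject are compared.

```python
# Abridged copy of the mysqld subject from the post, without the listing's line numbers.
POLICY = """\
# Role: mysql
subject /usr/sbin/mysqld o {
    /                           h
    /etc                        h
    /lib64                      h
    /lib64/libnss_dns-2.23.so   rx
    /lib64/libnss_dns.so.2
    /lib64/libresolv-2.23.so    rx
    /tmp                        rwcd
    -CAP_ALL
    connect 8.8.8.8/32:53 dgram udp
}
"""

# Assumption: link -> target pair as named in the gradm warning.
# On the live system this map could be built with os.path.realpath().
SYMLINKS = {"/lib64/libnss_dns.so.2": "/lib64/libnss_dns-2.23.so"}


def parse_subjects(text):
    """Return {subject_path: {object_path: mode}}; an absent mode becomes ''."""
    subjects, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if line.startswith("subject "):
            current = subjects.setdefault(line.split()[1], {})
        elif line == "}":
            current = None
        elif current is not None and line.startswith("/"):
            parts = line.split()                 # capability/socket lines are skipped
            current[parts[0]] = parts[1] if len(parts) > 1 else ""
    return subjects


def symlink_mismatches(subjects, symlinks):
    """List (subject, link, link_mode, target, target_mode) where the modes differ."""
    findings = []
    for subject, objects in subjects.items():
        for link, target in symlinks.items():
            if link in objects and target in objects:
                if set(objects[link]) != set(objects[target]):
                    findings.append((subject, link, objects[link],
                                     target, objects[target]))
    return findings


if __name__ == "__main__":
    for finding in symlink_mismatches(parse_subjects(POLICY), SYMLINKS):
        print("mismatch in subject %s: %s [%s] vs %s [%s]" % finding)
```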