LinuxQuestions.org
07-24-2003, 02:04 AM   #1
je_fro
Member
 
Registered: Nov 2002
Location: /texas/austin/home/desk
Distribution: Gentoo
Posts: 341

Rep: Reputation: 30
custom grsecurity-2.0 settings


Howdy!
I'm trying to get grsecurity working on a Debian bf2.4 system that will ultimately be a webserver and ftp server...maybe postfix too, someday....
Anyway, I've been over the "papers" from the grsec site and I have to say I'm no kernel hacker! I'm trying to learn about "the stack" and ELF files and mmap() and all sorts of things to get started. Sheesh! I'm trying to get a few apps into "learning mode" so I can boot my machine, because right now it just hangs there at startup, real ugly like. Can anyone tell me (or point me to some docs in ENGLISH - even gentoo's docs are over my head) how I can run gradm to put apps in learning mode while I'm not running the grsec kernel? gradm won't start on a regular kernel, and I can't boot with a grsec kernel. How is this done? Do I need special ACL's? Also, I've backed off on the grsec settings and booted, but I can't tell what's going on, except I can't look at dmesg and gkrellm doesn't see my ethernet cards. I guess that's a good thing. I still don't know exactly which grsec function was preventing me from booting, but I suspect it was disabling writing to kmem. I'll figure it out eventually.....
Where should I start? Does anybody have a kernel .config that will help?

Thanks,
je_fro

Last edited by je_fro; 07-24-2003 at 02:06 AM.
 
07-24-2003, 10:26 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594
> how I can run gradm to put apps in learning mode while I'm not running the grsec kernel?
Can't. Need to run gradm (-E, wasn't it?) while running a -grsec kernel.

> gradm won't start on a regular kernel, and I can't boot with a grsec kernel. How is this done? Do I need special ACL's?
I should fess up I don't run ACL's since 1.9.5. The learning system was really messy at that time. Once a -grsec kernel boots it'll activate any of the options you set in the kernel (at compile time), try to cover up /etc/grsec (using the default ACL's in /etc/grsec) and the /proc settings you set up with sysctl.
I remember the default ACL wasn't good and I had to tweak it to allow some processes access.
Spose I could test learning mode again now I'm running .11...

> but I can't tell what's going on, except I can't look at dmesg and gkrellm doesn't see my ethernet cards.
Starting in runlevel 3 would be a better start. Dmesg you should be able to use as root. Gkrellm may not have access to some /proc or /dev files, I don't know. Running a strace on it may also reveal what it tries to open.

> I still don't know exactly which grsec function was preventing me from booting, but I suspect it was disabling writing to kmem.
That's compile-time gizmoidal thingness.

> Does anybody have a kernel .config that will help?
Hmm. No, mine won't help with running learning mode, besides I *did* slightly hack and repatch -grsec and kernel source to get /proc/kcore support back in, else monit wouldn't run :-] Anyway, good to know you're running -grsec, just hang in there, cuz the benefits definitely outweigh any other kernel patch this side of the galaxy.


If you boot in runlevel 3, and it doesn't make it to starting syslogd and dumping the kernel ring buffer (dmesg), try to note where grsec denies access and post any here, and we'll try to fit the puzzle together. If it's deb specific you'll want markus_1982 on board the troubleshooting train as well.
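
The strace suggestion in the reply above, worked through as an added example (not part of either post): a small filter that reduces strace output to the files a program was refused. The function names and the sample trace are constructed for illustration, and the filter assumes strace's usual `call(args) = result` line format.

```shell
#!/bin/sh
# Added example. Real use (as root, on the running -grsec kernel):
#   strace -f -e trace=open,openat gkrellm 2>&1 | denied_opens

# Constructed sample of strace output, not taken from the thread.
sample_trace() {
cat <<'EOF'
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/proc/net/dev", O_RDONLY) = -1 EACCES (Permission denied)
[pid  1234] open("/proc/net/dev", O_RDONLY) = -1 EACCES (Permission denied)
open("/dev/kmem", O_RDONLY) = -1 EPERM (Operation not permitted)
open("/home/user/.gkrellm/theme", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/proc/kcore", O_RDONLY) = -1 EACCES (Permission denied)
EOF
}

# Print "count errno path" for each open()/openat() that failed with
# EACCES or EPERM. Missing files (ENOENT) are ignored: they are normal
# probing noise, not a permission problem.
denied_opens() {
    awk '
        /open(at)?\(/ && / = -1 (EACCES|EPERM) / {
            # The first double-quoted string on the line is the path.
            if (match($0, /"[^"]*"/)) {
                path = substr($0, RSTART + 1, RLENGTH - 2)
                err = ($0 ~ / = -1 EACCES /) ? "EACCES" : "EPERM"
                seen[err " " path]++
            }
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k3
}

sample_trace | denied_opens
```

The paths it prints are the ones to compare against the kernel's own log messages and the ACLs under /etc/grsec.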
 
  

