I'm trying to set up the policy so that any IP address can connect to a certain user. Example:
Quote:
role thomas u
role_allow_ip 172.16.1.35/32
subject / {
/ h
/bin x
/usr h
/usr/bin h
/usr/bin/dtach x
/usr/bin/irssi x
/usr/lib r
/usr/lib64 rx
/usr/lib64/gconv h
/usr/lib64/gconv/CP1252.so rx
/usr/lib64/gconv/gconv-modules.cache r
/usr/local h
/usr/local/lib64
/usr/share h
/usr/share/irssi/themes/default.theme r
/usr/share/zoneinfo r
/var h
/var/run
/var/spool/mail
/dev
/dev/null rw
/dev/ptmx rw
/dev/pts rw
/dev/tty rw
/dev/urandom r
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/dev/log h
/etc r
/etc/grsec h
/etc/ssh h
/etc/shadow h
/etc/shadow- h
/etc/gshadow h
/etc/gshadow- h
/etc/ppp/chap-secrets h
/etc/ppp/pap-secrets h
/etc/samba/smbpasswd h
/home
/home/thomas
/home/thomas/.bash_history ra
/home/thomas/irc rwc
/lib64 rx
/proc
/proc/meminfo r
/proc/sys/kernel/ngroups_max r
/proc/sys/kernel/version r
/proc/kcore h
/proc/bus h
-CAP_ALL
bind disabled
connect disabled
}
I tried to add a role_allow_ip and set it to *.*.*.*/32, but it does not identify it. Can anyone help me that has some knowledge of gradm and grsecurity? I want to make it so that if an IP address tries to connect, such as 172.16.1.39 or even something outside of my network, it would allow it.
Thanks