LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-19-2007, 07:22 PM   #1
Komelore
LQ Newbie
 
Registered: Feb 2007
Distribution: Gentoo
Posts: 10

Rep: Reputation: 0
gradm grsecurity question


Im trying to set up the policy so that any ip address can connect to a certain user. Example:
Quote:
role thomas u
role_allow_ip 172.16.1.35/32
subject / {
/ h
/bin x
/usr h
/usr/bin h
/usr/bin/dtach x
/usr/bin/irssi x
/usr/lib r
/usr/lib64 rx
/usr/lib64/gconv h
/usr/lib64/gconv/CP1252.so rx
/usr/lib64/gconv/gconv-modules.cache r
/usr/local h
/usr/local/lib64
/usr/share h
/usr/share/irssi/themes/default.theme r
/usr/share/zoneinfo r
/var h
/var/run
/var/spool/mail
/dev
/dev/null rw
/dev/ptmx rw
/dev/pts rw
/dev/tty rw
/dev/urandom r
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/dev/log h
/etc r
/etc/grsec h
/etc/ssh h
/etc/shadow h
/etc/shadow- h
/etc/gshadow h
/etc/gshadow- h
/etc/ppp/chap-secrets h
/etc/ppp/pap-secrets h
/etc/samba/smbpasswd h
/home
/home/thomas
/home/thomas/.bash_history ra
/home/thomas/irc rwc
/lib64 rx
/proc
/proc/meminfo r
/proc/sys/kernel/ngroups_max r
/proc/sys/kernel/version r
/proc/kcore h
/proc/bus h
-CAP_ALL
bind disabled
connect disabled
}
I tried to add a role_allow_ip and set it to *.*.*.*/32 but it does nto identify it. Can anyone help me that has some knowledge of gradm and grsecurity. I want to make it so that if an ip address tries to connect such as 172.16.1.39 or even something outside of my network, it would allow it.
Thanks

Last edited by Komelore; 03-19-2007 at 07:39 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Question, Apples Contribution to Open Source + MacOs file structure question Higgy3k Other *NIX 5 07-25-2005 04:23 AM
Not your regular GRUB question - just a short question for a fried MBR!! ziphem Linux - General 3 01-31-2005 01:51 PM
2 part question: Speeding up MDK9.1/GNOME question wardialer Linux - Newbie 6 10-14-2004 03:16 PM
limiting users using gradm/acl ruleman Linux - Security 6 06-19-2004 04:55 AM
login prompt question & kde scheme question JustinCoyan Slackware 2 06-09-2004 02:02 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:52 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration