BenjyD_UK n00b
Joined: 03 Sep 2003 Posts: 44
Posted: Fri Dec 05, 2003 3:50 pm Post subject: grsecurity gentoo acl policy
I recently installed a grsec kernel on my web server. After all the recent Linux attacks, I thought I'd set up ACLs properly. Unfortunately, I don't seem to be having much luck.
Is it just me, or is grsecurity-base-policy broken? It seems to lack policies for apache2 and postfix, both fairly common services. I tried to use learning mode to build policies, but gradm doesn't seem to read files in subdirectories of /etc/grsec/gentoo/grsecurity-base-policy/ as it's meant to.
Has anyone got Grsec ACLs working properly? Can anyone give me a few pointers as to what I need to do?
siti Tux's lil' helper
Joined: 05 May 2003 Posts: 118 Location: Canterbury, New Zealand
Posted: Fri Dec 05, 2003 7:15 pm
Yeah, the package grsecurity-base-policy is extremely old, so it has lots of problems!
Here are some docs. They are not the best and a bit confusing, but they should help you set up something called learning mode. So you start apache2 up and down, use it for a bit, then it will learn what apache needs to access etc. and make an ACL.
http://www.gentoo.org/proj/en/hardened/grsecurity.xml
http://www.grsecurity.net/gracldoc.htm
If you need anything explained about the docs, or using learning modes with programs, then I will try my best to help you.
General rule on creating ACLs: any program that needs more than the default rule should have an ACL created, which will make the program fully restricted to the libs/binaries/files it needs!