[grsec] sufficient learning?

Peter S. Mazinger ps.m at gmx.net
Tue May 10 16:08:39 EDT 2005


On Tue, 10 May 2005, Igor Gueths wrote:

> Hi all. I've recently started to tinker with the RBAC system, and am finding that the hardest thing to get working properly once RBAC is enabled is Postfix. I've since resorted to full learning
> mode, after finding out that 46 MB worth of learn.log wasn't enough. Is there a way to make sure that learning mode has found out all it could, or is it a case of looking through the logs of
> every daemon in use and going from there? My server is relatively low-traffic, so it might be learning for a few days. Perhaps another way is to grep learn.log after disabling the system, for
> every installed daemon to see if it has been profiled in some way yet? Am I already doing/should perhaps be doing more to ensure complete learning? Thanks!

Enable RBAC on your system and enable learning only on
/usr/lib[exec]/postfix, and the apps in /usr/sbin/post*; with that you
should get a "good" result.

The only thing where postfix needed "special" privileges (though the dev
of postfix thought he could circumvent it) was the use of the postdrop
group; the rest is chrooted properly, so grsec will take care of that (if
enabled).
You should enable learning on that single group; the rest is running as
the postfix user.

Peter

-- 
Peter S. Mazinger <ps dot m at gmx dot net>           ID: 0xA5F059F2
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08  BB6E C389 975E A5F0 59F2
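
The per-subject learning suggested in the reply, sketched as a policy fragment. This is an added example, not part of the original post or of any shipped grsecurity policy; the binary paths and the log and output file names are assumptions to adapt to the local install.

```conf
# Added example. Goes inside the role the Postfix binaries run under.
# Subject mode "o" overrides inherited rules and "l" enables learning
# for that subject only, so the rest of the policy stays enforced.
# Paths are assumptions: use /usr/libexec/postfix where the
# distribution installs the daemons there.

subject /usr/lib/postfix/master ol {
	/		h
	-CAP_ALL
	connect	disabled
	bind	disabled
}

subject /usr/lib/postfix/smtpd ol {
	/		h
	-CAP_ALL
	connect	disabled
	bind	disabled
}

subject /usr/sbin/postdrop ol {
	/		h
	-CAP_ALL
	connect	disabled
	bind	disabled
}

# Add one stub like the above for each remaining Postfix binary.
#
# Workflow (file names are placeholders):
#   gradm -L /etc/grsec/learning.log -E    enable RBAC, record learning data
#   ...send, receive, bounce and flush mail so every daemon is exercised...
#   gradm -D                               disable RBAC
#   gradm -L /etc/grsec/learning.log -O /etc/grsec/postfix.learned
#
# Review the generated subjects, swap them in for the "ol" stubs,
# then re-enable with gradm -E.
```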


