[grsec] After Reading Quick Start...then what?

[Kurt Pomeroy]

Hey guys,
	Im new to grsec but not new to the idea of MAC's. I was a LIDS user for a few years but when I read an article
on linuxsecurity.com about the new grsec i decided to check it out. Ive downloaded, installed, patched and rebooted
my new 2.6.14.2 grsec kernel. I chose the "custom" option and read through and implemented the options from the
quick start guide. 

	I then put the system into full learning mode and let it run for a few days, careful not to do anything
thta would require root access.
	
	When I enable (-E) the ststem, and check my logs, I notice that klogd needs CAP_SYS_ADMIN to read/write to 
/proc, im sure there are other errors, which will be taken care as they show up, but my question is what files 
do I edit to tweak the policy to remove errors such as the one listed above?

	The quick start quide is great, but then the user is left on his own at that point. Why not add to the quick 
start guide (or write a new guide) that starts off just after you haev rebooted and enabled the system.

	An explination of the policy synthax etc would help as well. I haev checked out /etc/grsec/
and there indeed is a file called "policy" but how to we tweak the policy? or add new rules? or remove rules?
what if we install a new daemon and it needs to do something that requires more privlidges then the current policy 
allows? how do we go about changing it?

	thanks for reading guys, appreciate any and all comments

	P.S - im REALLY liking grsecurity and I will be using this sytem now was my MAC of choice. So thanks GRSEC, 
perhaps now i can sleep at nite lol




-- 
Kurt Pomeroy
Systems Administrator / IT Technician
Lakecrest - St. John's Independent School
58 Patrick Street
St. John's, Newfoundland, Canada, A1E 2S7
Phone: (709) 738-1212
Facsimile: (709) 738-1701
Website: www.lakecrest.ca

GnuPG Key: www.lakecrest.ca/kpomeroy.asc
Key fingerprint = 7D02 411B E89A 82E1 C278  B131 54BB 02AA BBB2 C1DF