[grsec] gradm and grsec versions ! default.acl examples ?

Ned Ludd solar at gentoo.org
Tue Jul 27 17:52:24 EDT 2004 

On Tue, 2004-07-27 at 07:58, Jean-François Maeyhieux wrote:
> Hi folks !
> 
>   I recently decide to have a try on a hardened gentoo with grsecurity
> 2.0 on a 2.6.7 kernel (gentoo hardened one). I've installed (emerge)
> gradm and installed a new kernel with grsec configured. After this, i
> get:

Did you try the gradm in ~arch ?
ACCEPT_KEYWORDS="~x86" emerge gradm

As I think I pointed out already a patch exists in ~arch (testing) but
not in stable (for a reason).
If ~arch does not work open a bug at bugs.gentoo.org and assign it to
the hardened herd and we will take a new snapshot from CVS of gradm.


> 
> # gradm -version
> gradm v2.0
> Licensed under the GNU General Public License (GPL)
> Copyright 2002,2003  Brad Spengler
> 
> #  gradm -D
> Password: 
> You are using incompatible versions of gradm and grsecurity.
> Please update both versions to the ones available on the website.
> 
> #uname -a
> Linux 2.6.7-hardened-r3 #3 Sun Jul 25 17:21:40 CEST 2004 i686 AMD
> Athlon(tm) XP AuthenticAMD GNU/Linux
> 
>         So what should i do ? how could i know the accurate gradm
> version to pick up ?
> 
> 
> On other hand,  i'm looking for a grsecurity-base-policy as
> default.acl to test it... how could i manage some examples ?

gradm comes with some templates that you can base your roles on. But
brad has put alot of work into the learning mode. Give it a try it
pretty much rocks your socks off.


> 
> 
>                                                     TuTTle
> 
> 
> PGP/GPG Public Key
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x63DB4770
> Key fingerprint = 4766 39E7 F30A FA2C 71A0  C6C8 1D54 72F5 63DB 4770
> 
> 
> ______________________________________________________________________
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
-- 
Ned Ludd <solar at gentoo.org>
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20040727/fddd4946/attachment-0001.pgp

More information about the grsecurity mailing list