Full learning quirks in 2.0.2 was: Re: [grsec] Reboot problem
Brad Spengler
spender at grsecurity.net
Mon Dec 13 20:46:02 EST 2004
> subject /path/to/sshd o {
> ...
> /dev/pts/0 rw
> /dev/pts/1 rw
> /dev/pts/2 rw
> /dev/pts/3 rw
> ...
> }
>
> Which should be:
> subject /path/to/sshd o {
> ...
> /dev/pts rw
> ...
> }
I've updated the learning weights in current CVS. You'll notice with
the new version, it reduces these properly.
> Another quirk after a full system learning is that the rules have to be
> edited by hand, especially to take away some /proc/PID rules. Even after
> more that 4 runs with 4 different pids, all pids are listed, most of the
> time at least.
I've modified grlearn to rewrite these rules in current CVS, so
/proc/pid/* will always get reduced to /proc and will only be written to
disk as /proc, saving huge amounts of disk space when learning with apps
like top.
> It would be nice if the documentation stated clearly that
> /etc/grsec/policy is the place for the acl.
> It took some time for me to discover that :-)
I've corrected the last two dangling references in CVS to/etc/grsec/acl
in gradm itself.
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20041213/00fb5384/attachment.pgp
More information about the grsecurity
mailing list