[grsec] grtool 0.2
Marc Schiffbauer
marc at schiffbauer.net
Fri Jun 24 08:14:05 EDT 2005
Hi all,
I have released grtool 0.2 which fixes some real bugs and
adds some new features.
Everybody using it should upgrade.
grtool is a small utility useful for people who are dealing with
learning logs and policy files created by and maintained for the
grsecurity RBAC system.
Some release notes:
* Please note that I changed the naming convention for split policy
files.
* Debian users: As I upgraded to sarge the package now is build on
sarge, and so I renamed the directory to 'sarge'. So be sure to
update your sources.list to:
deb http://packman.iu-bremen.de/debian/sarge/grtool ./
^^^^^
Changes since grtool 0.1:
VERSION 0.2:
FEATURES:
* New global switch: -t/--temp-dir to specify a TEMP dir
to use.
Be sure to choose a tempdir thats on the same filesystem
as the original files for better performance and saving
I/O
* shrink-log: New switch -b/--buffer-size
Default is 5M. Higher values may increase
log shrinking performance
* improved command line argument processing is much
more flexible and now allows things like
-abc instead of -a -b -c
and more...
(uses getopt)
* New global switch: -N/--no-backups to supress backup
files.
Due to changed tempfile handling the original
file will still be there if grtool gets aborted.
CHANGES:
* shrink-log: Use the '-u' switch of sort instead of
the uniq command
* split-policy: The file _include has been renamed
to "_role" as it contains the role spec + includes
for all subjects (A better filename is welcome btw...)
* split-policy: Subject files now have a ".subject" suffix
to prevent clashes with subdirectories
* split-policy: Role directories now have a
".{user,group,special}_role" suffix and no prefix
(default role is called "default_role")
* split-policy: The filename for a default subject "_default"
has been changed to "default.subject"
* Updated README
* better tempfile security using mcookie instead of pid
* better tempfile handling -> really all tempfiles go
into temp-dir
* disabled convert-log command as it is broken and I do not
know how to do it reliably :-( If you know what to do,
please tell me
BUGFIXES:
* split-policy: include statements were not always
absolute paths which could lead to an invalid policy
* shrink-log/convert-log: fixed bug where grtool exited silently
if no cstream utilily is installed
* shrink-log/convert-log: fixed possible deadlock of grtool that
could occure when processing very small learning logs
Please download it here:
http://linuxcc.de/grtool/
Debian users can use the following sources.list entry:
deb http://packman.iu-bremen.de/debian/sarge/grtool ./
(should work for sid or woody as well)
Feedback is very welcome.
Have fun.
-Marc
--
8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050624/da256d4b/attachment.pgp
More information about the grsecurity
mailing list