[grsec] su'ing to root

ixion ixion at indigorobot.com
Fri Nov 25 23:40:01 EST 2005


I would not do much with root at all during learning mode. Remember, if
you need to do admin tasks while Grsec is enabled (after the tweaking
and such), you can always 'gradm -a admin' to jump into unrestricted
admin mode.

Root on my grsec boxes can't even 'ls'. ;)

One thing I'd like to point out is the 'binding' (I'm not sure if that's
the correct terminology) of services/users/etc from different IPs. I
just recently put a new box on my network and allowed it ssh access
through iptables and sshd_config, yet grsec caught it and denied access
until I allowed sshd access from that IP in the grsec policy file.
Restarted gradm, and ssh access works. Now that is what I think a nice
MAC system is.

I second the praise for GRSecurity :)

Cheers!

On Fri, 2005-11-25 at 19:55 -0330, Kurt Pomeroy wrote:
> Quick question,
> 
> First of all I have to say thanks to the guys who replied. I
> read my post again and wanted to edit it lol, kinda sounded noobish
> yet I've been in Linux security and admin for 5 years now so I'm no noob
> lol.
> 
> OK, when the grsecurity is in its learning phase, the
> documentation says to run the system as you normally would but try not to
> do any administrative tasks, i.e. adding users, changing passwords, adding
> or removing modules, modifying daemon configuration files etc., but let's
> say that I did have to su to root a few times during the 2 days or so
> that the system was in learning mode, does that affect the overall
> security that grsec provides? I know that it does not in a way, because
> once the system is running and everything is configured (by using the
> learning mode and by tweaking the policy file) there really isn't that much
> of a difference between "root" and a regular user, correct?
> 
> On the other hand, if you are root during the learning phase for
> whatever reason, does that allow someone who, let's say for example, gets
> root and tries to install a rootkit or add some sort of backdoor into the system?
> I'm pretty sure this is where the MAC comes into play, right? It's the same with LIDS I'm assuming,
> where once the system was configured properly the user "root" was just another joe schmo
> on the system without any special permissions or privileges.
> 
> Well that's all, just trying to figure out what I can and can't do during the learning phase(s).
> 
> Cheers all
> 
> Really loving the new grsecurity, I will spread the word trust me.
> 
>  -- 
> Kurt Pomeroy
> Systems Administrator / IT Technician
> Lakecrest - St. John's Independent School
> 58 Patrick Street
> St. John's, Newfoundland, Canada, A1E 2S7
> Phone: (709) 738-1212
> Facsimile: (709) 738-1701
> Website: www.lakecrest.ca
> 
> GnuPG Key: www.lakecrest.ca/kpomeroy.asc
> Key fingerprint = 7D02 411B E89A 82E1 C278  B131 54BB 02AA BBB2 C1DF
> 