Configuring Grsecurity
Good day!
I'm trying to train gradm:
An excerpt from the official docs:
Using the learning mode is very simple. All you have to do is add “l” to the subject mode of the process, you want to enable learning for. Enable the ACL system with gradm -E. Run the application(s) you enabled learning mode for several times. This is important, since the learning mode uses a threshold-based system to determine when access should be given to a file or whether it should be given to a directory. If 4 or more similar accesses are made in a single directory (such as writing to several files in /tmp), access is granted to that directory instead of the individual files. This reduces the amount of rules you have and ensures that the application will work correctly after the final ACLs are compiled.
Once you feel you’ve given the application the normal usage it would see in real life, disable the ACL system with gradm -D (or alternatively, go into admin mode with gradm -a), and use This will place the new learned ACLs at the end of your ruleset. Simply remove the old ACLs and you’re ready to go.
http://www.grsecurity.net/gracldoc.htm#Using_Gradm_and_the_Learning_Mode
I'm doing everything as written: I add this to /etc/grsec/policy:
subject /usr/sbin/metalog lo
/ h
-CAP_ALL
# gradm -E
# /usr/sbin/metalog
# gradm -D
# gradm -L -O /etc/grsec/acl
# cat /etc/grsec/acl
and it's empty...
???
Thanks in advance!
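
The threshold rule from the documentation excerpt above, as an added example that is not part of the original post and is not gradm's own code: a simplified Python model that collapses learned per-file accesses into one directory rule once 4 or more distinct files in the same directory are seen. The sample accesses, the function name and the reading of "similar" as "in the same directory" are assumptions.

```python
from collections import defaultdict
import posixpath

THRESHOLD = 4  # from the quoted documentation: "4 or more similar accesses"

# Constructed sample of learned accesses (path, mode); not real gradm output.
SAMPLE = [
    ("/tmp/a.tmp", "w"),
    ("/tmp/b.tmp", "w"),
    ("/tmp/c.tmp", "rw"),
    ("/tmp/d.tmp", "w"),
    ("/etc/metalog.conf", "r"),
    ("/var/log/everything/current", "w"),
    ("/dev/log", "rw"),
]


def reduce_accesses(accesses, threshold=THRESHOLD):
    """Collapse per-file accesses into directory rules at the threshold.

    Assumption: "similar" means accesses to distinct files in one directory;
    the modes of the collapsed files are merged into the directory rule.
    """
    by_dir = defaultdict(dict)  # directory -> {file path: set of mode letters}
    for path, mode in accesses:
        by_dir[posixpath.dirname(path)].setdefault(path, set()).update(mode)

    rules = {}  # object path -> set of mode letters
    for directory, files in by_dir.items():
        if len(files) >= threshold:
            # Enough distinct files: grant the directory instead of each file.
            rules.setdefault(directory, set()).update(*files.values())
        else:
            # Below the threshold: keep one rule per individual file.
            for path, modes in files.items():
                rules.setdefault(path, set()).update(modes)

    # Emit "path modes" lines, sorted by path, modes in r/w/x order.
    return [
        f"{path} {''.join(m for m in 'rwx' if m in modes)}"
        for path, modes in sorted(rules.items())
    ]


if __name__ == "__main__":
    for line in reduce_accesses(SAMPLE):
        print(line)
```
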