[rsbac] l 2.4.23 + rsbac 1.2.2 (fix 1-5) grsec freeswan(x509)
Amon Ott
ao at rsbac.org
Sat Dec 6 11:16:27 CET 2003
On Samstag, 6. Dezember 2003 01:28, Bencsath Boldizsar wrote:
> My latest merged version is available on my site
> http://boldi.hu/programs/rsbac/linux-2423-rsbac-grsec-freeswan.tgz
>
> Contains:
> linux 2.4.23
> rsbac 1.2.2 + fixes (1-5) +sample module 2 disabled
> grsecurity (latest)
> freeswan 2.04 + x509 patch 1.4.8
> +rsbac admin source
>
> it seems to be "stable" as far as I tested (few days, few different
> configs)...
>
> my remarks:
> while upgrading from rsbac 1.2.1 you should take care of AUTH capabilities
> - I've lost some (cleared), and you might want to set AUTH cap
> " 4294967293 Special: user who started program" for a "lot" of
> programs (/usr/bin/mail,/usr/bin/ssh,mtr,ping are some examples).
> Setting auth caps for lots of programs makes it real harder to do regular
> updates. Do you have any "standards" doing it in a sensitive way?
The AUTH module has been moved to generic lists between 1.2.1 and 1.2.2, and
there is no automatic way to update - this means, you will loose ALL cap
settings. Please backup with auth_back_cap and restore after starting 1.2.2.
You can safely reapply your backup after each update. There have been ideas of
an apt-get or rpm wrapper, which automatically backups attributes for all
affected files and restores them afterwards.
> Amon:
> asking for "help" in admin tools 1.2.2 rsbac_fd_menu (e.g. Rc force role)
> puts on the help of the next item (can this be an index problem of the
> menu? ( dialog 0.9a-20020309a ), with dialog dialog
> 0.9b-20031002-.. help simply exits the whole menu. (I'm unsure about the
> reason).
There is a bug in dialog, which causes this. Please try the patch at http://
rsbac.org/dialog, there is also an unchanged dialog source to apply the patch
against. Unfortunately, the dialog author(s) misunderstood my extension and
implemented it differently.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list