[rsbac] modules at boottime

Amon Ott ao at rsbac.org
Tue Jun 3 15:33:31 MEST 2003


On Tuesday, 3. June 2003 12:34, Torsten Becker wrote:
> Amon Ott wrote:
> >>I use a Debian based distribution called Adamantix (former Trusteddebian).
> >>They offer three kernels: one without rsbac, one rsbac -soft and one 
> >>rsbac -sec. (2.4.20)
> >>They say that the kernels only differ in the rsbac settings. My NICs 
> >>are automatically installed with the kernel without rsbac.
> >>So I thought to have problems with the rsbac settings/restrictions.
> >>    
> >>
> >
> >Generally, if RSBAC denies anything, you will get a log message with the 
> >reason for it.
> >
> >It is possible that you use the wrong initrd file. There are two different 
> >ones for non-RSBAC and RSBAC kernels in adamantix, because RSBAC may change 
> >module code and thus changes the kernel version string to use a different set 
> >of modules. Please check your lilo.conf or grub setting for the initrd= 
> >strings.
> >
> >Now, if you boot with the wrong initrd, the RSBAC kernel does not find the 
> >module in /lib/modules/2.4.20-rsbac, because your initrd modules are in 
> >/lib/modules/2.4.20.
> >  
> >
> I checked the menu.lst of grub. It all seems to be all right. In the 
> "automatic configuration" section I found two initrd settings.
> One for the -soft kernel and one for the -sec kernel, always right 
> beneath the kernel settings. I found none for the kernel without rsbac.
> Now, if I boot with the wrong initrd setting, would modprobe install me 
> the modules?
> If I have logged in the system I can do modprobe and the modules are 
> installed. If I try to do insmod, I get errors. I think these errors 
> come from the general RC settings I read about!?

If it is RSBAC related, there must be some related output on screen (during 
boot) or in syslog. If you find some, please send it to me.
 
> Perhaps I have to tell that I only configured /bin/login, portmapper 
> and sshd with rsbac_menu. I did nothing else so far.
> Do I have to add some rules about modules or block-devices? I read 
> something about a rule "add_to_kernel", do I have to add this somewhere 
> to get the kernel to install the NICs?

ADD_TO_KERNEL gives you the right to load a module. This right is set for 
root in all RSBAC decision modules by default.
 
> Can you tell me the difference between -soft and -sec kernels of adamantix?

With the softmode kernel, you can switch RSBAC into softmode, which logs 
everything, but still allows access. To try it, just add the kernel parameter 
rsbac_softmode, or as secoff, switch_module SOFTMODE 1. You will see the 
difference in /proc/rsbac-info/stats. Softmode is great for testing, I use it 
a lot myself.

The -sec kernel has softmode and module switching disabled, so all decision 
modules are always on.

Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
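
The kernel/initrd pairing check suggested in the message above, as an added example that is not part of the original mail: it walks a GRUB legacy menu.lst and compares the version suffix of each stanza's kernel and initrd file. The Debian-style names vmlinuz-<version> and initrd.img-<version> are an assumption, and the sample menu.lst is constructed.

```shell
#!/bin/sh
# Added example (not from the original message). Assumes Debian-style names
# vmlinuz-<version> and initrd.img-<version>; reads GRUB legacy menu.lst.
# Output, one line per stanza: "<title>: STATUS kernel=<ver> initrd=<ver>"
check_initrd_pairs() {
    awk '
    # Strip directory (and any "(hd0,0)" prefix) and the "name-" part.
    function ver(path,   n, parts, base) {
        n = split(path, parts, "/")
        base = parts[n]
        sub(/^[^-]*-/, "", base)
        return base
    }
    function report(   status) {
        if (title == "" || kver == "") return
        if (iver == "")        status = "NO-INITRD"
        else if (iver == kver) status = "OK"
        else                   status = "MISMATCH"
        printf "%s: %s kernel=%s initrd=%s\n", title, status, kver, (iver == "" ? "-" : iver)
    }
    /^[ \t]*#/     { next }
    $1 == "title"  { report(); title = $0; sub(/^[ \t]*title[ \t]+/, "", title)
                     kver = ""; iver = ""; next }
    $1 == "kernel" { kver = ver($2); next }
    $1 == "initrd" { iver = ver($2); next }
    END            { report() }
    ' "${1:--}"
}

# Constructed sample menu.lst; file names and titles are illustrative only.
sample_menu() {
cat <<'EOF'
# automatic configuration
title  Linux 2.4.20
kernel /boot/vmlinuz-2.4.20 root=/dev/hda1 ro

title  Linux 2.4.20-rsbac (softmode)
kernel /boot/vmlinuz-2.4.20-rsbac root=/dev/hda1 ro
initrd /boot/initrd.img-2.4.20-rsbac

title  Linux 2.4.20-rsbac (wrong initrd)
kernel /boot/vmlinuz-2.4.20-rsbac root=/dev/hda1 ro
initrd /boot/initrd.img-2.4.20
EOF
}

sample_menu | check_initrd_pairs
```

A MISMATCH line marks a stanza where the kernel would look for modules under /lib/modules/<kernel version> while the initrd carries them under a different version directory.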