[rsbac] ADF

Mateusz Szczyrzyca annihilator at ircnet.pl
Wed Feb 23 20:27:09 CET 2005 

Hello.

I downloaded and compiled pre-patched kernel 2.6.10 with rsbac.
This is my kernel config (rsbac):

CONFIG_RSBAC_PROC=y
CONFIG_RSBAC_INIT_CHECK=y
CONFIG_RSBAC_AUTO_WRITE=5
CONFIG_RSBAC_LIST_TRANS=y
CONFIG_RSBAC_LIST_TRANS_MAX_TTL=3600
CONFIG_RSBAC_LIST_TRANS_RANDOM_TA=y
CONFIG_RSBAC_DEBUG=y
CONFIG_RSBAC_SECOFF_UID=20
CONFIG_RSBAC_INIT_DELAY=y
CONFIG_RSBAC_UM=y
CONFIG_RSBAC_UM_DIGEST=y
CONFIG_RSBAC_UM_EXCL=y
CONFIG_RSBAC_UM_USER_MIN=1000
CONFIG_RSBAC_UM_GROUP_MIN=100
CONFIG_RSBAC_NET=y
CONFIG_RSBAC_NET_DEV=y
CONFIG_RSBAC_IND_NETDEV_LOG=y
CONFIG_RSBAC_NET_OBJ=y
CONFIG_RSBAC_IND_NETOBJ_LOG=y
CONFIG_RSBAC_REG=y
CONFIG_RSBAC_REG_SAMPLES=y
CONFIG_RSBAC_MAC=y
CONFIG_RSBAC_MAC_DEF_INHERIT=y
CONFIG_RSBAC_MAC_SMART_INHERIT=y
CONFIG_RSBAC_MAC_AUTH_PROT=y
CONFIG_RSBAC_MAC_UM_PROT=y
CONFIG_RSBAC_MAC_GEN_PROT=y
CONFIG_RSBAC_MAC_LIGHT=y
CONFIG_RSBAC_MAC_RESET_CURR=y
CONFIG_RSBAC_MAC_LOG_LEVEL_CHANGE=y
CONFIG_RSBAC_MAC_NET_DEV_PROT=y
CONFIG_RSBAC_MAC_NET_OBJ_PROT=y
CONFIG_RSBAC_MAC_NR_P_LISTS=4
CONFIG_RSBAC_FC=y
CONFIG_RSBAC_FC_AUTH_PROT=y
CONFIG_RSBAC_FC_GEN_PROT=y
CONFIG_RSBAC_FC_NET_DEV_PROT=y
CONFIG_RSBAC_FC_NET_OBJ_PROT=y
CONFIG_RSBAC_SIM=y
CONFIG_SIM_AUTH_PROT=y
CONFIG_RSBAC_SIM_GEN_PROT=y
CONFIG_RSBAC_SIM_NET_DEV_PROT=y
CONFIG_RSBAC_SIM_NET_OBJ_PROT=y
CONFIG_RSBAC_PM=y
CONFIG_RSBAC_PM_GEN_PROT=y
CONFIG_RSBAC_DAZ=y
CONFIG_RSBAC_DAZ_CACHE=y
CONFIG_RSBAC_DAZ_TTL=86400
CONFIG_RSBAC_DAZ_DEV_MAJOR=250
CONFIG_RSBAC_FF=y
CONFIG_RSBAC_FF_AUTH_PROT=y
CONFIG_RSBAC_FF_UM_PROT=y
CONFIG_RSBAC_FF_GEN_PROT=y
CONFIG_RSBAC_RC=y
CONFIG_RSBAC_RC_UM_PROT=y
CONFIG_RSBAC_RC_GEN_PROT=y
CONFIG_RSBAC_RC_NET_DEV_PROT=y
CONFIG_RSBAC_RC_NET_OBJ_PROT=y
CONFIG_RSBAC_RC_NR_P_LISTS=4
CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE=999999
CONFIG_RSBAC_AUTH=y
CONFIG_RSBAC_AUTH_AUTH_PROT=y
CONFIG_RSBAC_AUTH_UM_PROT=y
CONFIG_RSBAC_AUTH_GROUP=yes
CONFIG_RSBAC_AUTH_LEARN=y
CONFIG_RSBAC_ACL=y
CONFIG_RSBAC_ACL_AUTH_PROT=y
CONFIG_RSBAC_ACL_UM_PROT=y
CONFIG_RSBAC_ACL_GEN_PROT=y
CONFIG_RSBAC_ACL_BACKUP=y
CONFIG_RSBAC_ACL_LEARN=y
CONFIG_RSBAC_ACL_NET_DEV_PROT=y
CONFIG_RSBAC_ACL_NET_OBJ_PROT=y
CONFIG_RSBAC_CAP=y
CONFIG_RSBAC_CAP_PROC_HIDE=y
CONFIG_RSBAC_CAP_AUTH_PROT=y
CONFIG_RSBAC_JAIL=y
CONFIG_RSBAC_JAIL_NET_ADJUST=y
CONFIG_RSBAC_JAIL_NET_DEV_PROT=y
CONFIG_RSBAC_JAIL_NR_P_LISTS=4
CONFIG_RSBAC_PAX=y
CONFIG_RSBAC_PAX_AUTH_PROT=y
CONFIG_RSBAC_PAX_DEFAULT=y
CONFIG_RSBAC_PAX_PAGEEXEC=y
CONFIG_RSBAC_PAX_EMUTRAMP=y
CONFIG_RSBAC_PAX_MPROTECT=y
CONFIG_RSBAC_PAX_RANDMMAP=y
CONFIG_RSBAC_PAX_RANDEXEC=y
CONFIG_RSBAC_PAX_SEGMEXEC=y
CONFIG_RSBAC_RES=y
CONFIG_RSBAC_RES_AUTH_PROT=y
CONFIG_RSBAC_SWITCH=y
CONFIG_RSBAC_SOFTMODE=y
CONFIG_RSBAC_SOFTMODE_IND=y
CONFIG_RSBAC_IND_LOG=y
CONFIG_RSBAC_IND_USER_LOG=y
CONFIG_RSBAC_IND_PROG_LOG=y
CONFIG_RSBAC_LOG_PROGRAM_FILE=y
CONFIG_RSBAC_LOG_FULL_PATH=y
CONFIG_RSBAC_MAX_PATH_LEN=512
CONFIG_RSBAC_RMSG=y
CONFIG_RSBAC_RMSG_NOSYSLOG=y
CONFIG_RSBAC_SECDEL=y
CONFIG_RSBAC_PROC_HIDE=y
CONFIG_RSBAC_FREEZE=y
CONFIG_RSBAC_FREEZE_UM=y
CONFIG_RSBAC_USER_MOD_IOPERM=y
CONFIG_RSBAC_XSTATS=y

After compilation and instalation, i boot up new kernel with rsbac_softmode 
parameter and grant privileges auth_may_setuid to /bin/login
When system booting without softmode i trying login:

Feb 23 20:13:32 debian kernel: rsbac_adf_request(): request
CHANGE_GROUP, pid 3688, ppid 1, prog_name login, prog_file /bin/login,
uid 0, audit_uid 0, target_type PROCESS, tid 3688, attr group, value
1002, result NOT_GRANTED by ADF
Feb 23 20:13:32 debian kernel: rsbac_adf_request(): gid 1002 not known
to RSBAC User Management!
Feb 23 20:13:32 debian kernel: rsbac_adf_request(): request
CHANGE_GROUP, pid 3688, ppid 1, prog_name login, prog_file /bin/login,
uid 0, audit_uid 0, target_type PROCESS, tid 3688, attr group, value
1002, result NOT_GRANTED by ADF
Feb 23 20:13:32 debian kernel: rsbac_adf_request(): uid 20 not known to
RSBAC User Management!
Feb 23 20:13:32 debian kernel: rsbac_adf_request(): request
CHANGE_OWNER, pid 3688, ppid 1, prog_name login, prog_file /bin/login,
uid 0, audit_uid 0, target_type PROCESS, tid 3688, attr owner, value 20,
result NOT_GRANTED by ADF

What's this and how this repair?

-- 
-> Best regards <-
-> mateusz[]magellan.net.pl ; JID: mateusz at jabber.atman.pl ; GG: 1005520
-> IRC Server: krakow.ircnet.pl, channels: #help, #poland, #linux, #ircd,
-> as Annihilator

More information about the rsbac mailing list