[rsbac] Training mode
Amon Ott
ao at rsbac.org
Mon Jun 19 10:59:49 CEST 2006
On Montag 19 Juni 2006 10:29, Michael Decker wrote:
> I've read RSBAC has a training mode, but the WIKI is still empty.
But I
> think it would be enable an easy start.
>
> Can anyone explain me this training mode?
Learning mode is per module, only AUTH and ACL have such a mode. They
need to be enabled in kernel config.
After that, you can e.g. use rsbac_auth_learn kernel parameter, and
the AUTH module will learn all required user ids used in setuid()
calls. You can also enable learning for single programs, e.g. try
"rsbac_fd_menu /usr/sbin/sshd", scroll to AUTH learning mode and
press return. Then restart sshd and watch your syslog.
If you have many small questions, you should consider joining the
#rsbac channel at irc.freenode.org for more interactive questions and
answers.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list