[rsbac] creating secoff and logging to rsyslog, was: rsbac_init goes RSBAC_EINVALIDREQUEST with devicemapper
Palon Setin
palons at danwin1210.me
Thu Dec 6 13:46:00 CET 2018
Palon Setin:
...
> Jens Kasten:
>> Maybe I was wrong. If you like you can join irc on freenode.org channel
>> rsbac.
> You were. See below (and my other --forwarded (I mis-sent it
> yesterday)-- mail that came to the list some 30 minutes ago).
...
> It was:
> CONFIG_RSBAC_INIT_DELAY=y
> that solved my issue.
That was the previous issue. I'm modifying the subject to reflect my
current issue.
> My current issue is:
> I don't have a secoff, and am unable to find how I am supposed to create
...
> https://wiki.gentoo.org/wiki/RSBAC/Quickstart
...
>> Once emerged, the package will have created a new user account on your
>> system (secoff, with uid 400). He will become the security
>> administrator
...
>> Please set-up a secure password for the secoff user.
...
> And I'd like to set up logging as per:
>
> https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/syslog-ng
>
> except on Debian systems it is rsyslog, not syslog-ng.
...
> How exactly do I create secoff uid 400 ...
>
I've found the ebuild; it's old, but the thing I need to do must be the
same with rsbac-admin-1.5.3:
https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-apps/rsbac-admin/rsbac-admin-1.4.8.ebuild
The complete snippet of their code:
pkg_postinst() {
	einfo "********************************************************************************"
	einfo "You have to add a security user to your system if you have not already done so."
	einfo "The name could be 'secoff' or 'security' and, if you did not change the default"
	einfo "uid in the RSBAC kernel configuration, then the following will work:"
	einfo
	einfo "  groupadd -g 400 security"
	einfo "  useradd -g 400 -u 400 security"
	einfo
	einfo "We suggest you run a separate copy of syslog-ng (for example) to log RSBAC"
	einfo "messages as user 'audit' (uid 404) instead of using the deprecated rklogd."
	einfo "See"
	einfo
	einfo "  http://www.rsbac.org/documentation/administration_examples/syslog-ng"
	einfo
	einfo "for more information."
	einfo "********************************************************************************"
}
So, since I have:
CONFIG_RSBAC_SECOFF_UID=400
in my kernel, I proceed with:
# groupadd -g 400 secoff
# useradd -g 400 -u 400 secoff
And here, the tail -1 of /etc/{passwd,group} after I issued the above:
# tail -1 /etc/group
secoff:x:400:
# tail -1 /etc/passwd
secoff:x:400:400::/home/secoff:/bin/sh
#
Please do correct me if I'm not doing it right.
And now I go and try to figure out how to do the logging as per the link
to _examples/syslog-ng, converted for rsyslog on Debian.
That part may not be easy...
Palon Setin
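An added example, not from the post above and not from the rsbac project or its handbook: a small POSIX sh script that checks the secoff account the way the post creates it (uid and gid equal to CONFIG_RSBAC_SECOFF_UID, primary group matching, and no other account sharing that uid, since RSBAC identifies the security officer purely by uid), reads the expected uid out of a kernel config file, and prints an rsyslog fragment that stands in for the syslog-ng example on Debian. The "audit" user, the log file path /var/log/rsbac.log, the use of rsyslog's $PrivDropToUser/$PrivDropToGroup directives for a separate rsyslogd instance, and the assumption that RSBAC kernel messages contain the string "rsbac" are all assumptions of this example, not facts from the page.

```shell
#!/bin/sh
# Added example (not the post's or the rsbac project's code): sanity checks for
# the secoff account and an rsyslog fragment for logging RSBAC messages.
# Assumptions: audit user name, log path, and that RSBAC kernel messages
# contain "rsbac".

# kernel_secoff_uid CONFIG_FILE
# Prints the value of CONFIG_RSBAC_SECOFF_UID from a kernel .config-style file
# (e.g. /boot/config-$(uname -r), or the output of zcat /proc/config.gz).
kernel_secoff_uid() {
    sed -n 's/^CONFIG_RSBAC_SECOFF_UID=//p' "$1"
}

# check_secoff NAME UID PASSWD_FILE GROUP_FILE
# Returns 0 when NAME exists in both files, its uid is UID, its primary gid is
# the gid of group NAME, and no other account shares UID (another account with
# the same uid would also be treated as security officer by the kernel).
# Prints the reason and returns 1 otherwise.
check_secoff() {
    name=$1; want=$2; passwd=$3; group=$4
    pw=$(grep "^$name:" "$passwd") || { echo "no passwd entry for $name"; return 1; }
    gr=$(grep "^$name:" "$group")  || { echo "no group entry for $name"; return 1; }
    uid=$(printf '%s\n' "$pw" | cut -d: -f3)
    gid=$(printf '%s\n' "$pw" | cut -d: -f4)
    ggid=$(printf '%s\n' "$gr" | cut -d: -f3)
    [ "$uid" = "$want" ] || { echo "uid of $name is $uid, kernel expects $want"; return 1; }
    [ "$gid" = "$ggid" ] || { echo "primary gid $gid differs from group $name gid $ggid"; return 1; }
    others=$(awk -F: -v u="$want" -v n="$name" '$3 == u && $1 != n { print $1 }' "$passwd")
    [ -z "$others" ] || { echo "uid $want is shared with: $others"; return 1; }
    return 0
}

# rsyslog_rsbac_conf AUDIT_USER LOGFILE
# Prints a config fragment for a separate rsyslogd instance: read the kernel
# log, drop privileges to AUDIT_USER (assumed to exist, e.g. uid 404 as the
# ebuild suggests), and write kernel messages mentioning "rsbac" to LOGFILE,
# owned by AUDIT_USER and not world-readable. This is an assumed translation
# of the syslog-ng idea, not the handbook's configuration.
rsyslog_rsbac_conf() {
    cat <<EOF
\$ModLoad imklog
\$PrivDropToUser $1
\$PrivDropToGroup $1
\$FileOwner $1
\$FileGroup $1
\$FileCreateMode 0640
:msg, contains, "rsbac" $2
& stop
EOF
}

# Usage: sh this.sh check [kernel-config]   or   sh this.sh conf [audit-user]
case "${1:-}" in
    check) check_secoff secoff "$(kernel_secoff_uid "${2:-/boot/config-$(uname -r)}")" \
               /etc/passwd /etc/group && echo "secoff account matches kernel config" ;;
    conf)  rsyslog_rsbac_conf "${2:-audit}" /var/log/rsbac.log ;;
esac
```

The fragment is meant for a second rsyslogd started with its own config and pid file (rsyslogd -f and -i), so that Debian's main instance is left untouched; "& stop" keeps the RSBAC lines out of that second instance's other outputs only, the main syslog will still see them unless it gets a matching rule.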