[rsbac] creating secoff and logging to rsyslog, was: rsbac_init goes RSBAC_EINVALIDREQUEST with devicemapper

Jens Kasten jens.kasten at kasten-edv.de
Thu Dec 6 17:39:31 CET 2018


Hi

Yes, you set up the secoff user. It's just a user with uid and gid 400.
Usually I name the user security and set the home directory to /security 
on a single-user machine.
I also have the home directory for this user on my desktop in 
/home/admins/security.
It's just a matter of taste.

Jens


Am 06.12.2018 12:46, schrieb Palon Setin:
> Palon Setin:
> ...
>> Jens Kasten:
>>> Maybe I was wrong. If you like you can join irc on freenode.org 
>>> channel rsbac.
>> You were. See below (and my other --forwarded (I mis-sent it
>> yesterday)-- mail that came to the list some 30 minutes ago).
> ...
>> It was:
>> CONFIG_RSBAC_INIT_DELAY=y
>> that solved my issue.
> 
> That was the previous issue. I'm modifying the subject to reflect my
> current issue.
> 
>> My current issue is:
>> I don't have a secoff, and am unable to find how I am supposed to create
> ...
>> https://wiki.gentoo.org/wiki/RSBAC/Quickstart
> ...
> 
>>> Once emerged, the package will have created a new user account on your
>>> system (secoff, with uid 400). He will become the security administrator
> ...
>>> Please set-up a secure password for the secoff user.
> ...
>> And I'd like to set up logging as per:
>> 
>> https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/syslog-ng
>> 
>> except on Debian systems it is rsyslog, not syslog-ng.
> ...
>> How exactly do I create secoff uid 400 ...
>> 
> 
> I've found the ebuild, it's old but the thing I need to do must be the
> same with rsbac-admin-1.5.3:
> https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-apps/rsbac-admin/rsbac-admin-1.4.8.ebuild
> 
> The complete snippet of their code:
> 
> pkg_postinst() {
> 	einfo "********************************************************************************"
> 	einfo "You have to add a security user to your system if you have not already done so."
> 	einfo "The name could be 'secoff' or 'security' and, if you did not change the default"
> 	einfo "uid in the RSBAC kernel configuration, then the following will work:"
> 	einfo
> 	einfo "    groupadd -g 400 security"
> 	einfo "    useradd -g 400 -u 400 security"
> 	einfo
> 	einfo "We suggest you run a separate copy of syslog-ng (for example) to log RSBAC"
> 	einfo "messages as user 'audit' (uid 404) instead of using the deprecated rklogd."
> 	einfo "See"
> 	einfo
> 	einfo "    http://www.rsbac.org/documentation/administration_examples/syslog-ng"
> 	einfo
> 	einfo "for more information."
> 	einfo "********************************************************************************"
> }
> 
> So, since I have:
> CONFIG_RSBAC_SECOFF_UID=400
> in my kernel, I proceed with:
> 
> # groupadd -g 400 secoff
> # useradd -g 400 -u 400 secoff
> 
> And here, the tail -1 of /etc/{passwd,group} after I issued the above:
> 
> # tail -1 /etc/group
> secoff:x:400:
> # tail -1 /etc/passwd
> secoff:x:400:400::/home/secoff:/bin/sh
> #
> 
> Pls. do correct me if I'm not doing it right.
> 
> And now I go and try to figure out how to do the logging as per the link
> to _examples/syslog-ng converted for rsyslog in Debians.
> 
> That part may not be easy...
> 
> Palon Setin
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
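A check that follows from the exchange above, added here as an example and not part of either mail or of the rsbac-admin package: after running the groupadd/useradd pair, confirm that the account actually matches the uid compiled into the kernel (CONFIG_RSBAC_SECOFF_UID=400 as stated in the thread), that its primary gid is the same value, that the group exists, and, because RSBAC grants security officer rights by uid rather than by name, that no second account shares that uid and the account is not passwordless. The passwd and group contents below are constructed sample data; the same function can be fed the real files as shown in the comment at the end.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the RSBAC security
# officer account against the uid compiled into the kernel.

SECOFF_UID=400   # value of CONFIG_RSBAC_SECOFF_UID on the kernel in the thread

# check_secoff PASSWD_TEXT GROUP_TEXT UID
# Returns 0 and prints "ok: <user> uid=<uid> gid=<gid>" when exactly one
# account carries UID, it has a password field, its primary gid equals UID,
# and exactly one group carries that gid. Otherwise prints a reason to
# stderr and returns 1.
check_secoff() {
    passwd_text=$1
    group_text=$2
    want=$3

    # Any extra account with the secoff uid would also be a security officer.
    n_uid=$(printf '%s\n' "$passwd_text" | awk -F: -v u="$want" '$3 == u { n++ } END { print n+0 }')
    if [ "$n_uid" -ne 1 ]; then
        echo "expected exactly one account with uid $want, found $n_uid" >&2
        return 1
    fi

    line=$(printf '%s\n' "$passwd_text" | awk -F: -v u="$want" '$3 == u')
    user=$(printf '%s\n' "$line" | cut -d: -f1)
    pw=$(printf '%s\n' "$line" | cut -d: -f2)
    gid=$(printf '%s\n' "$line" | cut -d: -f4)

    # An empty password field means no password at all (not even a locked one).
    if [ -z "$pw" ]; then
        echo "account $user has an empty password field" >&2
        return 1
    fi
    if [ "$gid" != "$want" ]; then
        echo "account $user has primary gid $gid, expected $want" >&2
        return 1
    fi

    n_gid=$(printf '%s\n' "$group_text" | awk -F: -v g="$want" '$3 == g { n++ } END { print n+0 }')
    if [ "$n_gid" -ne 1 ]; then
        echo "expected exactly one group with gid $want, found $n_gid" >&2
        return 1
    fi

    echo "ok: $user uid=$want gid=$gid"
    return 0
}

# Constructed sample data mirroring the tail -1 output quoted in the thread.
GOOD_PASSWD="root:x:0:0:root:/root:/bin/sh
secoff:x:400:400::/home/secoff:/bin/sh"
GOOD_GROUP="root:x:0:
secoff:x:400:"

# Constructed failure cases: a second uid-400 account, and a passwordless secoff.
DUP_PASSWD="$GOOD_PASSWD
backup:x:400:400::/home/backup:/bin/sh"
NOPW_PASSWD="root:x:0:0:root:/root:/bin/sh
secoff::400:400::/home/secoff:/bin/sh"
ROOT_ONLY_GROUP="root:x:0:"

# Stand-alone demo on the constructed data. Against a live system use:
#   check_secoff "$(cat /etc/passwd)" "$(cat /etc/group)" "$SECOFF_UID"
check_secoff "$GOOD_PASSWD" "$GOOD_GROUP" "$SECOFF_UID" || true
check_secoff "$DUP_PASSWD" "$GOOD_GROUP" "$SECOFF_UID" || true
check_secoff "$NOPW_PASSWD" "$GOOD_GROUP" "$SECOFF_UID" || true
```

The check reads passwd/group text rather than calling getent, so it works the same on the constructed data and on the real files, and it deliberately counts uids instead of looking up the name, since the name (secoff or security) is, as Jens says, a matter of taste while the uid is what the kernel enforces.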

