[rsbac] creating secoff and logging to rsyslog, was: rsbac_init goes RSBAC_EINVALIDREQUEST with devicemapper
Jens Kasten
jens.kasten at kasten-edv.de
Thu Dec 6 17:39:31 CET 2018
Hi
Yes, you set up the secoff user. It's just a user with uid and gid 400.
Usually I name the user security and set the home directory to /security
on a single-user machine.
On my desktop I also have the home directory for this user in
/home/admins/security.
It's just a matter of taste.
Jens
Am 06.12.2018 12:46, schrieb Palon Setin:
> Palon Setin:
> ...
>> Jens Kasten:
>>> Maybe I was wrong. If you like you can join irc on freenode.org
>>> channel
>>> rsbac.
>> You were. See below (and my other --forwarded (I mis-sent it
>> yesterday)-- mail that came to the list some 30 minutes ago).
> ...
>> It was:
>> CONFIG_RSBAC_INIT_DELAY=y
>> that solved my issue.
>
> That was the previous issue. I'm modifying the subject to reflect my
> current issue.
>
>> My current issue is:
>> I don't have a secoff, and am unable to find how I am supposed to
>> create
> ...
>> https://wiki.gentoo.org/wiki/RSBAC/Quickstart
> ...
>
>>> Once emerged, the package will have created a new user account on
>>> your
>>> system (secoff, with uid 400). He will become the security
>>> administrator
> ...
>>> Please set-up a secure password for the secoff user.
> ...
>> And I'd like to set up logging as per:
>>
>> https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/syslog-ng
>>
>> except on Debian systems it is rsyslog, not syslog-ng.
> ...
>> How exactly do I create secoff uid 400 ...
>>
>
> I've found the ebuild, it's old but the thing I need to do must be the
> same with rsbac-admin-1.5.3:
> https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-apps/rsbac-admin/rsbac-admin-1.4.8.ebuild
>
> The complete snippet of their code:
>
> pkg_postinst() {
>     einfo "********************************************************************************"
>     einfo "You have to add a security user to your system if you have not already done so."
>     einfo "The name could be 'secoff' or 'security' and, if you did not change the default"
>     einfo "uid in the RSBAC kernel configuration, then the following will work:"
>     einfo
>     einfo "    groupadd -g 400 security"
>     einfo "    useradd -g 400 -u 400 security"
>     einfo
>     einfo "We suggest you run a separate copy of syslog-ng (for example) to log RSBAC"
>     einfo "messages as user 'audit' (uid 404) instead of using the deprecated rklogd."
>     einfo "See"
>     einfo
>     einfo "    http://www.rsbac.org/documentation/administration_examples/syslog-ng"
>     einfo
>     einfo "for more information."
>     einfo "********************************************************************************"
> }
>
> So, since I have:
> CONFIG_RSBAC_SECOFF_UID=400
> in my kernel, I proceed with:
>
> # groupadd -g 400 secoff
> # useradd -g 400 -u 400 secoff
>
> And here, the tail -1 of /etc/{passwd,group} after I issued the above:
>
> # tail -1 /etc/group
> secoff:x:400:
> # tail -1 /etc/passwd
> secoff:x:400:400::/home/secoff:/bin/sh
> #
>
> Pls. do correct me if I'm not doing it right.
>
> And now I go and try to figure out how to do the logging as per the
> link
> to _examples/syslog-ng converted for rsyslog on Debian.
>
> That part may not be easy...
>
> Palon Setin
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
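The two steps discussed in this thread (creating the security officer account so that its uid matches CONFIG_RSBAC_SECOFF_UID, and routing RSBAC messages to their own log as the syslog-ng recipe does, but with rsyslog) as an added shell example. This is not code from the list posters or from the RSBAC project. It assumes the kernel config is readable at /boot/config-$(uname -r) (or as a gzipped file), uses the account name "secoff" that Palon chose and the "audit" user with uid 404 from the ebuild hint, and assumes RSBAC messages arrive through the kernel log (imklog); the function names and the file /var/log/rsbac.log are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the RSBAC project or the list thread.
# Check (offline) that the secoff account matches the uid compiled into the
# kernel, create it only if it is missing, and print an rsyslog fragment that
# plays the role of the separate syslog-ng instance from the RSBAC handbook.

# secoff_uid_from_config FILE -> prints CONFIG_RSBAC_SECOFF_UID (FILE may be .gz)
secoff_uid_from_config() {
    cfg="$1"
    case "$cfg" in
        *.gz) zcat "$cfg" ;;
        *)    cat "$cfg" ;;
    esac | sed -n 's/^CONFIG_RSBAC_SECOFF_UID=\([0-9][0-9]*\)$/\1/p' | head -n 1
}

# check_secoff NAME CONFIG PASSWD GROUP
# Returns 0 when NAME exists in PASSWD with uid and primary gid equal to the
# kernel's secoff uid, that group exists in GROUP, and no other account shares
# the uid (a second account with uid 400 would also be security officer).
# Each failure has its own return code and a reason on stderr.
check_secoff() {
    name="$1" cfg="$2" passwd="$3" group="$4"
    want=$(secoff_uid_from_config "$cfg")
    [ -n "$want" ] || { echo "CONFIG_RSBAC_SECOFF_UID not set in $cfg" >&2; return 1; }
    entry=$(awk -F: -v n="$name" '$1 == n' "$passwd")
    [ -n "$entry" ] || { echo "no passwd entry for $name" >&2; return 2; }
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    [ "$uid" = "$want" ] || { echo "$name has uid $uid, kernel expects $want" >&2; return 3; }
    [ "$gid" = "$want" ] || { echo "$name has gid $gid, expected $want" >&2; return 4; }
    awk -F: -v g="$want" '$3 == g { found = 1 } END { exit !found }' "$group" \
        || { echo "no group with gid $want in $group" >&2; return 5; }
    dup=$(awk -F: -v u="$want" -v n="$name" '$3 == u && $1 != n { print $1 }' "$passwd")
    [ -z "$dup" ] || { echo "uid $want is shared with: $dup" >&2; return 6; }
    return 0
}

# create_secoff NAME [CONFIG] -> needs root; no-op for parts that already exist.
# Mirrors the ebuild hint (groupadd -g 400 / useradd -g 400 -u 400) but takes
# the uid from the kernel config instead of hard-coding 400.
create_secoff() {
    name="$1"
    want=$(secoff_uid_from_config "${2:-/boot/config-$(uname -r)}")
    [ -n "$want" ] || { echo "cannot read CONFIG_RSBAC_SECOFF_UID" >&2; return 1; }
    getent group "$want" >/dev/null 2>&1 || groupadd -g "$want" "$name"
    getent passwd "$name" >/dev/null 2>&1 || \
        useradd -u "$want" -g "$want" -d "/home/$name" -m -s /bin/sh "$name"
    echo "set a password now: passwd $name" >&2
}

# rsbac_rsyslog_conf -> prints a fragment for /etc/rsyslog.d/rsbac.conf.
# Assumes imklog is already loaded by /etc/rsyslog.conf (Debian default) and
# that RSBAC messages reach the kernel log; the "rsbac" substring match is a
# broad filter, so unrelated kernel lines mentioning rsbac land here too.
rsbac_rsyslog_conf() {
    cat <<'EOF'
# Kernel messages from RSBAC go to their own file owned by the audit user
# (uid 404 in the rsbac-admin ebuild hint) and are dropped from kern.log.
if $syslogfacility-text == "kern" and $msg contains_i "rsbac" then {
    action(type="omfile" file="/var/log/rsbac.log"
           fileOwner="audit" fileGroup="audit" fileCreateMode="0640")
    stop
}
EOF
}
```

Usage on the target box: `check_secoff secoff /boot/config-$(uname -r) /etc/passwd /etc/group`, then `create_secoff secoff` as root only if the check reports return code 2, and `rsbac_rsyslog_conf > /etc/rsyslog.d/rsbac.conf` followed by a restart of rsyslog. Like the syslog-ng recipe, the point of the audit owner on the log file is that the security officer's log is not writable by the daemon's default user or by root's everyday tooling; whether that holds against root is up to the RSBAC policy you put on the file, not rsyslog.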