[rsbac] nsswitch and pam configuration for UM

Palon Setin palons at danwin1210.me
Thu Dec 13 14:59:00 CET 2018



Amon Ott:

> To see what happens, try
> echo debug_aef_um 1 >/proc/rsbac-info/debug
> 
> Replace 1 with 0 to disable debugging.
> 
> Amon.
> 
Not completely sure, but I think it works...


2018-12-13T13:38:24.008007+00:00 myhost kernel: [  316.024619]
0000000438|debug_proc_write(): setting rsbac_debug_aef_um to 1
2018-12-13T13:39:01.727169+00:00 myhost kernel: [  353.743479]
0000000439|sys_rsbac_um_check_account_name(): checking user root
2018-12-13T13:39:01.727196+00:00 myhost kernel: [  353.743493]
0000000440|rsbac_um_check_account(): pid 3468(cron): checking account
for user 0
2018-12-13T13:39:01.727202+00:00 myhost kernel: [  353.743532]
0000000441|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:01.728161+00:00 myhost kernel: [  353.744352]
0000000442|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:01.729150+00:00 myhost kernel: [  353.745862]
0000000443|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:01.730157+00:00 myhost kernel: [  353.746458]
0000000444|rsbac_adf_request(): request CHANGE_OWNER, pid 3469, ppid
3468, prog_name cron, prog_file /usr/sbin/cron, uid 0, target_type
PROCESS, tid 3469(cron,parent=3468(cron)), attr owner, value 0, result
NOT_GRANTED (Softmode) by AUTH
2018-12-13T13:39:18.018144+00:00 myhost kernel: [  370.034443]
0000000445|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:23.898203+00:00 myhost kernel: [  375.914616]
0000000446|sys_rsbac_um_auth_name(): authenticating user root
2018-12-13T13:39:23.898237+00:00 myhost kernel: [  375.914629]
0000000447|rsbac_um_check_pass(): pid 3427(login): checking password for
user 0
2018-12-13T13:39:23.898245+00:00 myhost kernel: [  375.914652]
0000000448|sys_rsbac_um_auth_name(): setting process 3427 vset to 0
2018-12-13T13:39:23.898250+00:00 myhost kernel: [  375.914677]
0000000449|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:23.898255+00:00 myhost kernel: [  375.914715]
0000000450|sys_rsbac_um_check_account_name(): checking user root
2018-12-13T13:39:23.898260+00:00 myhost kernel: [  375.914729]
0000000451|rsbac_um_check_account(): pid 3427(login): checking account
for user 0
2018-12-13T13:39:23.898267+00:00 myhost kernel: [  375.914739]
0000000452|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:23.898301+00:00 myhost kernel: [  375.914798]
0000000453|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:23.899152+00:00 myhost kernel: [  375.915327]
0000000454|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:23.899168+00:00 myhost kernel: [  375.915783]
0000000455|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:23.908155+00:00 myhost kernel: [  375.924183]
0000000456|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:23.908171+00:00 myhost kernel: [  375.924269]
0000000457|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:23.908176+00:00 myhost kernel: [  375.924662]
0000000458|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:23.908182+00:00 myhost kernel: [  375.924710]
0000000459|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:23.909185+00:00 myhost kernel: [  375.925047]
0000000460|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:23.909201+00:00 myhost kernel: [  375.925511]
0000000461|sys_rsbac_um_get_gid(): looking up 4294967295/tty
2018-12-13T13:39:23.909205+00:00 myhost kernel: [  375.925536]
0000000462|rsbac_adf_request(): request SEARCH, pid 3427, ppid 1,
prog_name login, prog_file /bin/login, uid 0, target_type GROUP, tid 5,
attr none, value none, result NOT_GRANTED (Softmode) by RC
2018-12-13T13:39:23.909210+00:00 myhost kernel: [  375.925543]
0000000463|sys_rsbac_um_get_group_item(): getting item 0 for 0/5
2018-12-13T13:39:23.909216+00:00 myhost kernel: [  375.925557]
0000000464|rsbac_adf_request(): request SEARCH, pid 3427, ppid 1,
prog_name login, prog_file /bin/login, uid 0, target_type GROUP, tid 5,
attr none, value none, result NOT_GRANTED (Softmode) by RC
2018-12-13T13:39:23.909221+00:00 myhost kernel: [  375.925577]
0000000465|rsbac_adf_request(): request READ, pid 3427, ppid 1,
prog_name login, prog_file /bin/login, uid 0, target_type GROUP, tid 5,
attr none, value none, result NOT_GRANTED (Softmode) by RC
2018-12-13T13:39:23.909226+00:00 myhost kernel: [  375.925592]
0000000466|rsbac_adf_request(): request READ, pid 3427, ppid 1,
prog_name login, prog_file /bin/login, uid 0, target_type GROUP, tid 5,
attr none, value none, result NOT_GRANTED (Softmode) by RC
2018-12-13T13:39:23.910225+00:00 myhost kernel: [  375.926362]
0000000467|rsbac_adf_request(): request CHANGE_OWNER, pid 3524, ppid
3427, prog_name login, prog_file /bin/login, uid 0, target_type PROCESS,
tid 3524(login,parent=3427(login)), attr owner, value 0, result
NOT_GRANTED (Softmode) by AUTH
2018-12-13T13:39:23.910253+00:00 myhost kernel: [  375.926555]
0000000468|sys_rsbac_um_get_uid(): looking up 4294967295/root
2018-12-13T13:39:43.521220+00:00 myhost kernel: [  395.537041]
0000000469|sys_rsbac_um_get_group_item(): getting item 0 for 0/0
2018-12-13T13:39:58.667161+00:00 myhost kernel: [  410.683556]
0000000470|sys_rsbac_um_get_uid(): looking up 4294967295/*
2018-12-13T13:39:59.231213+00:00 myhost kernel: [  411.247756]
0000000471|sys_rsbac_um_get_uid(): looking up 4294967295/*
2018-12-13T13:40:00.233385+00:00 myhost kernel: [  412.249253]
0000000472|sys_rsbac_um_get_uid(): looking up 4294967295/*
2018-12-13T13:40:00.519168+00:00 myhost kernel: [  412.535301]
0000000473|sys_rsbac_um_get_group_item(): getting item 0 for 0/0
2018-12-13T13:40:04.301215+00:00 myhost kernel: [  416.317816]
0000000474|sys_rsbac_um_get_group_item(): getting item 0 for 0/0
2018-12-13T13:40:22.783223+00:00 myhost kernel: [  434.799452]
0000000475|sys_rsbac_um_get_uid(): looking up 4294967295/*


If this is it, then great. Thanks for the fine program!

And there is so much more to learn to use it right, but it is great security!

Sincerely,
Palon Setin
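
Added example, not part of the original message and not RSBAC project code: a short Python script that rejoins the mail-wrapped log records shown above and tallies the rsbac_adf_request() decisions logged as NOT_GRANTED (Softmode), grouped by deciding module, request, target type and program file. The sample input is an excerpt of the log in this message; the function names are illustrative assumptions.

```python
import re
from collections import Counter

# Excerpt of the log quoted in the message above, wrapped as in the mail.
SAMPLE = """\
2018-12-13T13:39:01.730157+00:00 myhost kernel: [  353.746458]
0000000444|rsbac_adf_request(): request CHANGE_OWNER, pid 3469, ppid
3468, prog_name cron, prog_file /usr/sbin/cron, uid 0, target_type
PROCESS, tid 3469(cron,parent=3468(cron)), attr owner, value 0, result
NOT_GRANTED (Softmode) by AUTH
2018-12-13T13:39:23.898203+00:00 myhost kernel: [  375.914616]
0000000446|sys_rsbac_um_auth_name(): authenticating user root
2018-12-13T13:39:23.909205+00:00 myhost kernel: [  375.925536]
0000000462|rsbac_adf_request(): request SEARCH, pid 3427, ppid 1,
prog_name login, prog_file /bin/login, uid 0, target_type GROUP, tid 5,
attr none, value none, result NOT_GRANTED (Softmode) by RC
"""

# A new record starts with the syslog timestamp; anything else is a wrapped tail.
TS = re.compile(r"^\d{4}-\d\d-\d\dT\S+ \S+ kernel: ")
ADF = re.compile(
    r"rsbac_adf_request\(\): request (?P<request>\w+), .*?"
    r"prog_file (?P<prog>\S+), .*?target_type (?P<ttype>\w+), .*?"
    r"result (?P<result>\w+)(?P<soft> \(Softmode\))? by (?P<module>\w+)"
)

def unwrap(text):
    """Rejoin mail-wrapped continuation lines into one record per timestamp."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def softmode_denials(text):
    """Count decisions logged as NOT_GRANTED with the (Softmode) marker."""
    hits = Counter()
    for rec in unwrap(text):
        m = ADF.search(rec)
        if m and m["result"] == "NOT_GRANTED" and m["soft"]:
            hits[(m["module"], m["request"], m["ttype"], m["prog"])] += 1
    return hits

if __name__ == "__main__":
    for key, n in softmode_denials(SAMPLE).most_common():
        print(n, *key)
```

Each resulting group is a request that a decision module (AUTH or RC in this log) refused while softmode was active, so the list is the set of rules to review before softmode is switched off.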

