This shows you the differences between two versions of the page.
wiki:experiences:igraltist:jail_syslogd [2008/07/12 06:03] 127.0.0.1 (old revision restored) |
wiki:experiences:igraltist:jail_syslogd [2008/07/14 03:10] 127.0.0.1 (old revision restored) |
||
---|---|---|---|
Line 1: | Line 1: | ||
This is the modified syslogd init-script. | This is the modified syslogd init-script. | ||
- | diff -u sysklogd_org sysklogd | + | <code bash> |
- | --- sysklogd_org 2008-07-03 05:22:39.000000000 +0200 | + | --- sysklogd_org 2008-07-03 05:22:39.000000000 +0200 |
- | +++ sysklogd 2008-07-11 16:23:35.000000000 +0200 | + | +++ sysklogd 2008-07-11 16:23:35.000000000 +0200 |
- | @@ -59,7 +59,7 @@ | + | @@ -59,7 +59,7 @@ |
- | start) | + | start) |
- | echo -n "Starting system log daemon: syslogd" | + | echo -n "Starting system log daemon: syslogd" |
- | create_xconsole | + | create_xconsole |
- | - start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD | + | - start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD |
- | + rsbac_jail -Y -i-N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD | + | + rsbac_jail -Y -i-N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD |
- | echo "." | + | echo "." |
- | ;; | + | ;; |
- | stop) | + | stop) |
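Review bot: in the start) branch the added line passes `-i-N` as a single word (`rsbac_jail -Y -i-N start-stop-daemon ...`), while the restart and reload-or-restart hunks use `-i -N`. The option list further down this page gives `-i` and `-N` as two separate switches, so depending on how rsbac_jail handles the joined argument, a normal start may not get the same jail settings as a restart. Write it as `rsbac_jail -Y -i -N` so all three paths start syslogd identically.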
- | @@ -76,7 +76,7 @@ | + | @@ -76,7 +76,7 @@ |
- | echo -n "Restarting system log daemon: syslogd" | + | echo -n "Restarting system log daemon: syslogd" |
- | start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile | + | start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile |
- | sleep 1 | + | sleep 1 |
- | - start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD | + | - start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD |
- | + rsbac_jail -Y -i -N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD | + | + rsbac_jail -Y -i -N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD |
- | echo "." | + | echo "." |
- | ;; | + | ;; |
- | reload-or-restart) | + | reload-or-restart) |
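Review bot: the restart) branch repeats the full `rsbac_jail -Y -i -N` prefix that is also pasted into start) and reload-or-restart), and the copies have already drifted (start) has `-i-N`). Define the prefix once in a variable alongside the script's other settings and use that variable in all three places, so the jail flags are changed in a single spot and cannot differ between start and restart.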
- | @@ -86,7 +86,7 @@ | + | @@ -86,7 +86,7 @@ |
- | start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile | + | start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile |
- | else | + | else |
- | echo -n "Restarting system log daemon: syslogd" | + | echo -n "Restarting system log daemon: syslogd" |
- | - start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD | + | - start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD |
- | + rsbac_jail -Y -i -N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD | + | + rsbac_jail -Y -i -N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD |
- | fi | + | fi |
- | echo "." | + | echo "." |
- | ;; | + | ;; |
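Review bot: the else branch of reload-or-restart) now calls `rsbac_jail` unconditionally, so if the rsbac_jail binary is missing the command fails, syslogd is not started, and the following `echo "."` still reports the restart as if it had worked. Test that `rsbac_jail` is available before using it, and either fall back to the plain `start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD` line or exit with an error message. The same applies to the start) and restart) hunks.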
+ | |||
+ | </code> | ||
First I have started with no params for the rsbac_jail, because I dont know what is missing. | First I have started with no params for the rsbac_jail, because I dont know what is missing. | ||
Line 44: | Line 46: | ||
This now appears on the second terminal. | This now appears on the second terminal. | ||
- | <7>0000000890|rsbac_adf_request_jail(): process jail 36 does not match IPC object jail 0 -> NOT_GRANTED! | + | <code bash> |
- | <6>0000000891|rsbac_adf_request(): request WRITE, pid 4253, ppid 4252, prog_name syslogd, prog_file /sbin/syslogd, uid 0, remote ip 192.168.1.5, target_type IPC, tid AnonPipe-ID 1833, attr none, value none, result NOT_GRANTED by JAIL | + | <7>0000000890|rsbac_adf_request_jail(): process jail 36 does not match IPC object jail 0 -> NOT_GRANTED! |
- | <7>0000000892|rsbac_adf_request_jail(): process jail 36 does not match IPC object jail 0 -> NOT_GRANTED! | + | <6>0000000891|rsbac_adf_request(): request WRITE, pid 4253, ppid 4252, prog_name syslogd, prog_file /sbin/syslogd, uid 0, remote ip 192.168.1.5, target_type IPC, tid AnonPipe-ID 1833, attr none, value none, result NOT_GRANTED by JAIL |
- | <6>0000000893|rsbac_adf_request(): request READ, pid 4253, ppid 4252, prog_name syslogd, prog_file /sbin/syslogd, uid 0, remote ip 192.168.1.5, target_type IPC, tid AnonPipe-ID 1833, attr none, value none, result NOT_GRANTED by JAIL | + | <7>0000000892|rsbac_adf_request_jail(): process jail 36 does not match IPC object jail 0 -> NOT_GRANTED! |
+ | <6>0000000893|rsbac_adf_request(): request READ, pid 4253, ppid 4252, prog_name syslogd, prog_file /sbin/syslogd, uid 0, remote ip 192.168.1.5, target_type IPC, tid AnonPipe-ID 1833, attr none, value none, result NOT_GRANTED by JAIL | ||
+ | </code> | ||
Now Iam searching for target_type | Now Iam searching for target_type | ||
Line 55: | Line 59: | ||
Than I type 'rsbac_jail' and found this | Than I type 'rsbac_jail' and found this | ||
- | * -i = allow access to IPC outside this jail | + | \- stupid wiki |
+ | -i = allow access to IPC outside this jail | ||
Now I have the first argument for the rsbac_jail. Also this looks interesting | Now I have the first argument for the rsbac_jail. Also this looks interesting | ||
- | * -N = enclose process in its private namespace | + | \- stupid wiik |
+ | -N = enclose process in its private namespace | ||
and at least | and at least | ||
- | * -Y = this is the syslog jail | + | \- stupid wiki |
+ | -Y = this is the syslog jail | ||
This have to set only here but dont forget! | This have to set only here but dont forget! | ||
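Review bot: the three replaced bullets leave `\- stupid wiki` (once misspelled `stupid wiik`) in the page body, apparently as a workaround for how the wiki renders a line that starts with a dash. Use DokuWiki's no-format markup instead, for example `%%-i%% = allow access to IPC outside this jail`, or put the three option lines in one `<code>` block, so the switches read as rsbac_jail help output without the filler lines.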