wiki:experiences:igraltist:jail_syslogd
=>  Releases

Current version
Git/Snapshot: 1.5.3
Release: 1.5.0

Latest Snapshots
Produced after each commit or rebase to new upstream version

GIT
RSBAC source code, can be unstable sometimes

=>  Events

No events planned

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
wiki:experiences:igraltist:jail_syslogd [2008/07/12 06:03]
127.0.0.1 (old revision restored)
wiki:experiences:igraltist:jail_syslogd [2008/07/14 03:10]
127.0.0.1 (old revision restored)
Line 1: Line 1:
 This is the modified syslogd init-script. This is the modified syslogd init-script.
-  diff -u sysklogd_org sysklogd +<code bash> 
-  --- sysklogd_org 2008-07-03 05:​22:​39.000000000 +0200 +--- sysklogd_org 2008-07-03 05:​22:​39.000000000 +0200 
-  +++ sysklogd 2008-07-11 16:​23:​35.000000000 +0200 ++++ sysklogd 2008-07-11 16:​23:​35.000000000 +0200 
-  @@ -59,7 +59,7 @@ +@@ -59,7 +59,7 @@ 
-     ​start) +   ​start) 
-       ​echo -n "​Starting system log daemon: syslogd"​ +     ​echo -n "​Starting system log daemon: syslogd"​ 
-       ​create_xconsole +     ​create_xconsole 
-  -    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD +-    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD 
-  +    rsbac_jail -Y -i-N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD ++    rsbac_jail -Y -i-N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD 
-       ​echo "​."​ +     ​echo "​."​ 
-       ​;; +     ​;; 
-     ​stop) +   ​stop) 
-  @@ -76,7 +76,7 @@ +@@ -76,7 +76,7 @@ 
-       ​echo -n "​Restarting system log daemon: syslogd"​ +     ​echo -n "​Restarting system log daemon: syslogd"​ 
-       ​start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile +     ​start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile 
-       ​sleep 1 +     ​sleep 1 
-  -    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD +-    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD 
-  +    rsbac_jail -Y -i -N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD ++    rsbac_jail -Y -i -N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD 
-       ​echo "​."​ +     ​echo "​."​ 
-       ​;; +     ​;; 
-     ​reload-or-restart) +   ​reload-or-restart) 
-  @@ -86,7 +86,7 @@ +@@ -86,7 +86,7 @@ 
-     ​start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile +     ​start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile 
-       ​else +     ​else 
-  ​   ​echo -n "​Restarting system log daemon: syslogd"​ +   echo -n "​Restarting system log daemon: syslogd"​ 
-  -   ​start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD +      ​start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD 
-  +   ​rsbac_jail -Y -i -N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD ++ rsbac_jail -Y -i -N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD 
-       ​fi +     ​fi 
-       ​echo "​."​ +     ​echo "​."​ 
-       ​;;+     ​;; 
 + 
 +</​code>​
  
 First I have started with no params for the rsbac_jail, because I dont know what is missing. First I have started with no params for the rsbac_jail, because I dont know what is missing.
Line 44: Line 46:
  
 This now appears on the second terminal. This now appears on the second terminal.
-  ​<​7>​0000000890|rsbac_adf_request_jail():​ process jail 36 does not match IPC object jail 0 -> NOT_GRANTED! +<code bash> 
-  <​6>​0000000891|rsbac_adf_request():​ request WRITE, pid 4253, ppid 4252, prog_name syslogd, prog_file /​sbin/​syslogd, ​   uid 0, remote ip 192.168.1.5,​ target_type IPC, tid AnonPipe-ID 1833, attr none, value none, result NOT_GRANTED by   ​JAIL +<​7>​0000000890|rsbac_adf_request_jail():​ process jail 36 does not match IPC object jail 0 -> NOT_GRANTED! 
-  <​7>​0000000892|rsbac_adf_request_jail():​ process jail 36 does not match IPC object jail 0 -> NOT_GRANTED! +<​6>​0000000891|rsbac_adf_request():​ request WRITE, pid 4253, ppid 4252, prog_name syslogd, prog_file /​sbin/​syslogd, ​   uid 0, remote ip 192.168.1.5,​ target_type IPC, tid AnonPipe-ID 1833, attr none, value none, result NOT_GRANTED by   ​JAIL 
-  <​6>​0000000893|rsbac_adf_request():​ request READ, pid 4253, ppid 4252, prog_name syslogd, prog_file /​sbin/​syslogd, ​ uid 0, remote ip 192.168.1.5,​ target_type IPC, tid AnonPipe-ID 1833, attr none, value none, result NOT_GRANTED by  JAIL+<​7>​0000000892|rsbac_adf_request_jail():​ process jail 36 does not match IPC object jail 0 -> NOT_GRANTED! 
 +<​6>​0000000893|rsbac_adf_request():​ request READ, pid 4253, ppid 4252, prog_name syslogd, prog_file /​sbin/​syslogd, ​ uid 0, remote ip 192.168.1.5,​ target_type IPC, tid AnonPipe-ID 1833, attr none, value none, result NOT_GRANTED by  JAIL 
 +</​code>​
  
 Now Iam searching for target_type Now Iam searching for target_type
Line 55: Line 59:
  
 Than I type '​rsbac_jail'​ and found this Than I type '​rsbac_jail'​ and found this
-  ​-i = allow access to IPC outside this jail+  ​\- stupid wiki 
 +  ​-i = allow access to IPC outside this jail
  
 Now I have the first argument for the rsbac_jail. Also this looks interesting ​ Now I have the first argument for the rsbac_jail. Also this looks interesting ​
-  ​-N = enclose process in its private namespace+  ​\- stupid wiik 
 +  ​-N = enclose process in its private namespace
  
 and at least and at least
-  ​-Y = this is the syslog jail+  ​\- stupid wiki 
 +  ​-Y = this is the syslog jail
 This have to set only here but dont forget! This have to set only here but dont forget!
  
//
wiki/experiences/igraltist/jail_syslogd.txt · Last modified: 2008/07/14 03:10 by 127.0.0.1

wiki/experiences/igraltist/jail_syslogd.txt · Last modified: 2008/07/14 03:10 by 127.0.0.1
This website is kindly hosted by m-privacy