This is an old revision of the document!
This is the modified syslogd init-script.
diff -u sysklogd_org sysklogd --- sysklogd_org 2008-07-03 05:22:39.000000000 +0200 +++ sysklogd 2008-07-11 16:23:35.000000000 +0200 @@ -59,7 +59,7 @@ start) echo -n "Starting system log daemon: syslogd" create_xconsole - start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD + rsbac_jail -Y -i-N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD echo "." ;; stop) @@ -76,7 +76,7 @@ echo -n "Restarting system log daemon: syslogd" start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile sleep 1 - start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD + rsbac_jail -Y -i -N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD echo "." ;; reload-or-restart) @@ -86,7 +86,7 @@ start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile else echo -n "Restarting system log daemon: syslogd" - start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD + rsbac_jail -Y -i -N start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD fi echo "." ;;
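Review bot: in the first hunk (the `start)` branch) the added line reads `rsbac_jail -Y -i-N start-stop-daemon ...`, with no space between `-i` and `-N`, while the restart and reload-or-restart hunks use `-Y -i -N`. The start path therefore passes a different argument string than the other two; change it to `-Y -i -N` so all three branches launch syslogd with the same jail flags.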
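Review bot: the `rsbac_jail -Y -i -N` prefix is pasted into three separate branches (start, restart, reload-or-restart) with no comment on what the flags do, which is how the spacing in the start branch drifted from the others. Define the prefix once in a variable at the top of the script, with a one-line comment per flag, and reference that variable in all three `start-stop-daemon --start` lines.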
First I started with no parameters for rsbac_jail, because I didn't know what was missing.
On a second terminal I have the security user listening with
cat /proc/rsbac-info/rmsg
After the syslogd init script is modified, I stop the service: /etc/init.d/syslogd stop
Then I start the service: /etc/init.d/syslogd start, and look at the other terminal.
This now appears on the second terminal.
<7>0000000890|rsbac_adf_request_jail(): process jail 36 does not match IPC object jail 0 -> NOT_GRANTED!
<6>0000000891|rsbac_adf_request(): request WRITE, pid 4253, ppid 4252, prog_name syslogd, prog_file /sbin/syslogd, uid 0, remote ip 192.168.1.5, target_type IPC, tid AnonPipe-ID 1833, attr none, value none, result NOT_GRANTED by JAIL
<7>0000000892|rsbac_adf_request_jail(): process jail 36 does not match IPC object jail 0 -> NOT_GRANTED!
<6>0000000893|rsbac_adf_request(): request READ, pid 4253, ppid 4252, prog_name syslogd, prog_file /sbin/syslogd, uid 0, remote ip 192.168.1.5, target_type IPC, tid AnonPipe-ID 1833, attr none, value none, result NOT_GRANTED by JAIL
Now I am searching for the target_type:
target_type IPC
and its tid:
tid AnonPipe-ID
Then I typed 'rsbac_jail' and found this:
-i = allow access to IPC outside this jail
Now I have the first argument for rsbac_jail. This also looks interesting:
-N = enclose process in its private namespace
and last:
-Y = this is the syslog jail
This has to be set only here, but don't forget it!
So these three, -Y -i -N, are now added to the syslog init script, as you can see above.
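The log-reading step above, as an added example (not part of the original page and not RSBAC's own tooling): a Python script that groups NOT_GRANTED records from /proc/rsbac-info/rmsg by program, target type and deciding module, so repeated denials collapse into one line per cause. The field list and the single `JAIL_HINTS` entry are assumptions taken from the four log lines and the rsbac_jail help text quoted on this page; the function names are hypothetical.

```python
import re
import sys
from collections import defaultdict

# Constructed sample: the four rmsg lines quoted on this page.
SAMPLE = """\
<7>0000000890|rsbac_adf_request_jail(): process jail 36 does not match IPC object jail 0 -> NOT_GRANTED!
<6>0000000891|rsbac_adf_request(): request WRITE, pid 4253, ppid 4252, prog_name syslogd, prog_file /sbin/syslogd, uid 0, remote ip 192.168.1.5, target_type IPC, tid AnonPipe-ID 1833, attr none, value none, result NOT_GRANTED by JAIL
<7>0000000892|rsbac_adf_request_jail(): process jail 36 does not match IPC object jail 0 -> NOT_GRANTED!
<6>0000000893|rsbac_adf_request(): request READ, pid 4253, ppid 4252, prog_name syslogd, prog_file /sbin/syslogd, uid 0, remote ip 192.168.1.5, target_type IPC, tid AnonPipe-ID 1833, attr none, value none, result NOT_GRANTED by JAIL
"""

LINE = re.compile(r"^<\d>\d+\|(\w+)\(\): (.*)$")
# Field names as seen in the sample lines (assumed complete for this record type).
FIELDS = "request,pid,ppid,prog_name,prog_file,uid,remote ip,target_type,tid,attr,value,result".split(",")
# Only mapping the page supports: "-i = allow access to IPC outside this jail".
JAIL_HINTS = {"IPC": "-i"}

def parse_request(body):
    """Split 'key value, key value, ...' into a dict using the known keys."""
    fields = {}
    for part in body.split(", "):
        key = next((k for k in FIELDS if part.startswith(k + " ")), None)
        if key:
            fields[key] = part[len(key) + 1:]
    return fields

def summarize_denials(text):
    """Group NOT_GRANTED decisions by (program, target type, tid kind, module)."""
    groups = defaultdict(set)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) != "rsbac_adf_request":
            continue  # skip module debug lines and anything unparsable
        f = parse_request(m.group(2))
        result = f.get("result", "")
        if not result.startswith("NOT_GRANTED") or "request" not in f:
            continue
        module = result.partition(" by ")[2] or "unknown"
        key = (f.get("prog_name"), f.get("target_type"), f.get("tid", "").split(" ")[0], module)
        groups[key].add(f["request"])
    return {k: sorted(v) for k, v in groups.items()}

def jail_flag_hints(summary):
    return sorted({JAIL_HINTS[t] for (_, t, _, mod) in summary if mod == "JAIL" and t in JAIL_HINTS})

if __name__ == "__main__":
    summary = summarize_denials(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
    print(summary, "flags to review:", jail_flag_hints(summary))
```

Piping the output of `cat /proc/rsbac-info/rmsg` into the script summarizes live messages instead of the embedded sample.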