praise and install issues of rsbac


From: tech-guy <tech-guy@excite.com>
Subject: praise and install issues of rsbac
Date: Wed, 19 Jan 2000 18:20:29 -0800 (PST)

Next Article (by Subject): Re: praise and install issues of rsbac ao@morpork.shnet.org (A. Ott)
Previous Article (by Subject): Re: Possible solution for SMP problems Amon Ott
Next in Thread: Re: praise and install issues of rsbac ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


hi all,


i really like this b1 security package for linux and i have nothing but
praise for it.  it was scary installing it and had much mistakes especially
by not installing the admin tools prior to a reboot!  good thing i had a
virgin kernel bootdisk laying around...

i've joined the rsbac list but i could wait sending an email for help!

lessee here is the install history:
- patched the virgin 2.2.12-4 kernel w/ the 1.09path, selected everything
except for the role switching on all models
- did this all as root and before the reboot was getting massive segfault
11's and core dumps- whew!
- after rebooting with the sparebootdisk, read more of the docs and
installed the admintools.  created the security officer role(uid400) and the
dp role (uid401) but i didn't know what the tp role was for and wh
at uid it belonged to.
- before the next reboot, i created a maintenance kernel and fixed lilo.conf
for multiple image selection - rebooted
- after the reboot, ran the sample rc and acl scripts from
/usr/src/(rs_admin_install_dir)/examples - rebooted
- getting bunches of cannot read ACL on 03:08 which i found out thru
/proc/rsbac_info was the device for hda!
- trying to run the script menu's in a plain login prompt or even in
xwindowns in xterm as root but ended w/ a plain prompt again, no segfaults,
no access violations, ran strace on each rsbac_menu_xxx and it had very
small traces of process violations i think- my resolution is at 1600x1200.
lot's of shell real estate.  read through the docs again and noticed that it
was suggested to reexport COLUMNS and ROWS from /etc/profile but thats for
bash and my primary login shells are tcsh for root, security officer and
data protection officer.
- reboots are a little cleaner now but still getting the ACL could not be
read on /dev/hda<root>
- i'm using the maintenance boot kernel a little too much though and it is
becoming a crutch

help! any tips! please!
(ps- sorry about the email plug)





_______________________________________________________
Get 100% FREE Internet Access powered by Excite
Visit http://freeworld.excite.com

-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Subject): Re: praise and install issues of rsbac ao@morpork.shnet.org (A. Ott)
Previous Article (by Subject): Re: Possible solution for SMP problems Amon Ott
Next in Thread: Re: praise and install issues of rsbac ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.