Re: 1.1.2-pre8 first run


From: Amon Ott <ao@rsbac.org>
Subject: Re: 1.1.2-pre8 first run
Date: Mon, 30 Jul 2001 10:20:57 +0200



On Fri, 27 Jul 2001 Arkady A Drovosekov wrote:
> strange with 1.1.2-pre8:
> I've compiled (on host1) and installed (on host2) 1.1.2pre8 for kernel 2.2.19
> for host2 it was the first run of an rsbac kernel
> during boot I got messages like 'not permitted' for: modprobe, ipchains,
> mgetty, all daemons (for daemons it is normal), umount
> trying to login as any user (including root) on console gets a message
> like 'operation not permitted'. And it is absolutely impossible to login.

This looks like a useraci entry for root missing, which should have been
created automatically. Hmm. I have been compiling on one machine and running on
another for ages, and I happen to delete all /rsbac dirs from time to time.

Just rechecked, and it worked fine...

> I tried to login in single-user, it was successful. After I've checked
> access to /dev/mem. Access was denied.

That's really strange, because for RSBAC there is no difference between single
and multi user.

/dev/kmem access is always denied by default settings, because it is so
dangerous.

> Is it the default policy for 1.1.2pre8? I remember the first run of 1.1.2pre5 - I can
> login as secoff at least.
> Or maybe my hands need correction? ;-)
> btw, sshd gives such messages (why?)
>   error: bind: Permission denied,
>   fatal: Bind to port 22 failed: Transport endpoint is not connected.

Also looks like root privileges missing somehow.

Do you possibly have a corrupted /rsbac/useraci file on that system? What does
the rsbac_init code say about user ACI?

Amon.