problem with grsec2 logs (not the learning logs)
Posted: Tue Mar 09, 2004 8:25 am
Syslog logs every denial of grsec. It worked for me for a long time. After /var/log/syslog got 199kB I recived fallowing messages in /var/log/syslog:
grsec: denied unlink of /var/log/daemon.log.3.gz by /bin/rm[rm:18216] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: denied rename of /var/log/daemon.log.2.gz to /var/log/daemon.log.3.gz by /bin/mv[mv:18978] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: denied unlink of /var/log/daemon.log.3.gz by /bin/mv[mv:18978] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: denied rename of /var/log/daemon.log.1.gz to /var/log/daemon.log.2.gz by /bin/mv[mv:29913] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: denied unlink of /var/log/daemon.log.2.gz by /bin/mv[mv:29913] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: more alerts, logging disabled for 10 seconds
and then syslogd stoped logging.
My questions are:
1. can anybody tell me what to do to make that 'savelog' working fine?
2. is there a possibility to save everything that is denied by syslog for anything (for programms that are not listed in /etc/grsec/acl) ?
thanks in advance and regards from Poland
grsec: denied unlink of /var/log/daemon.log.3.gz by /bin/rm[rm:18216] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: denied rename of /var/log/daemon.log.2.gz to /var/log/daemon.log.3.gz by /bin/mv[mv:18978] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: denied unlink of /var/log/daemon.log.3.gz by /bin/mv[mv:18978] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: denied rename of /var/log/daemon.log.1.gz to /var/log/daemon.log.2.gz by /bin/mv[mv:29913] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: denied unlink of /var/log/daemon.log.2.gz by /bin/mv[mv:29913] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/savelog[savelog:13615] uid/euid:0/0 gid/egid:0/0
grsec: more alerts, logging disabled for 10 seconds
and then syslogd stoped logging.
My questions are:
1. can anybody tell me what to do to make that 'savelog' working fine?
2. is there a possibility to save everything that is denied by syslog for anything (for programms that are not listed in /etc/grsec/acl) ?
thanks in advance and regards from Poland