For the following real excerpt out of my /var/log/messages (well, except for replacing my username with ukra, short for ukrainian), I used, in Vim, this command, which got me rid of, it happens to be, 740 lines (it's mostly Vim changing dir, and it does it a lot, and I have the audit_chdir on, along with exec_logging; newbies: find it in the Help in your kernel, under grsecurity):
```
:%s/.*chdir to \/root by \/usr\/bin\/vim.*\n\|.*chdir to \/etc\/vim by \/usr\/bin\/vim.*\n\|.*chdir to \/usr\/share\/vim.*\n//gc
```
I didn't mark with ...[cut XX lines out]... No time.
But I then removed other stuff, such as after I issued the command:
```
# /etc/init.d/syslog-ng restart ; /etc/init.d/dcron restart ; /etc/init.d/postfix restart ;
```
which for some arcane reason I need to do after first:
```
# gradm -D
```
and, second, updating my /etc/grsec/policy with the new copy with the new entries, in this case, with the policy for /usr/bin/mail, and then, third, re-enabling gradm:
```
# gradm -E
```
I was saying [I then removed other stuff], which is not of much concern here, such as the huge logging of all the exec'ing and chdir's by those restarting of the syslog-ng, dcron and postfix services, from the real excerpt from my /var/log/messages.
I mostly didn't mark those places with ...[cut XX lines out]... No time.
What you'll see in the < 40k excerpt from the log that follows last in, no: I decide now, in the next post, standalone, however, corresponds to what I was trying in this terminal that I am, before posting that log, pasting in here...
The log in the next post, again, corresponds to what I was trying here, and each time I edited and updated my /etc/grsec/policy with a new version, things here, and in the corresponding log, changed:
```
ukra@box ~ $ MAIL="/usr/bin/mail"
ukra@box ~ $ echo $MAIL
/usr/bin/mail
ukra@box ~ $ echo "Trying things" | $MAIL -s "Trying things
> 2^C
ukra@box ~ $ echo "Trying things" | $MAIL -s "Trying things" $LOGNAME
mail: /usr/sbin/sendmail: Permission denied
Can't send mail: sendmail process failed with error code 1
ukra@box ~ $ echo "Trying things" | mail -s "Trying things" $LOGNAME
mail: /usr/sbin/sendmail: Permission denied
Can't send mail: sendmail process failed with error code 1
ukra@box ~ $ echo "Trying things" | mail -s "Trying things" ukra
mail: /usr/sbin/sendmail: Permission denied
Can't send mail: sendmail process failed with error code 1
ukra@box ~ $ mail -s "Trying things" ukra
asdfasf
Cc: ^C
(Interrupt -- one more to kill letter)
Cc:
mail: /usr/sbin/sendmail: Permission denied
Can't send mail: sendmail process failed with error code 1
ukra@box ~ $ man mail
ukra@box ~ $ mail -s "Trying things" ukra
~
~
adf
asdfadf
Cc:
which mail: /usr/sbin/sendmail: Permission denied
Can't send mail: sendmail process failed with error code 1
ukra@box ~ $ mail -s "Trying things" ukra
bash: /usr/bin/mail: No such file or directory
ukra@box ~ $ mail -s "Trying things" ukra
bash: /usr/bin/mail: No such file or directory
ukra@box ~ $ mail -s "Trying things" ukra
mail: error while loading shared libraries: liblockfile.so.1: cannot open shared object file: Permission denied
ukra@box ~ $
ukra@box ~ $
ukra@box ~ $ mail -s "Trying things" ukra
mail: error while loading shared libraries: liblockfile.so.1: cannot open shared object file: Permission denied
ukra@box ~ $
ukra@box ~ $
ukra@box ~ $ mail -s "Trying things" ukra
mail: /tmp/mail.RsXXXXOYgAzX: No such file or directory
ukra@box ~ $ mail -s "Trying things" ukra
aasdfasf
ff
EOT
ukra@box ~ $ mail -s "Trying things" ukra
afa
afasdf
asdf
EOT
ukra@box ~ $
```
To cut it short, the last two attempts at sending (local) mail were both successful, just the postfix's services, from qmgr to sendmail, wouldn't send it without the restart mentioned above.
So both the bottom ones have arrived. Have a look:
```
34 15-09-22 ukra@localdomai (0.1K) Trying things
35 15-09-22 ukra@localdomai (0.1K) Trying things
-*-Mutt: ~/Maildir/ [Msgs:35 New:2 Old:1 Flag:2 Post:51 Inc:69 2
Return-Path: <ukra@localdomain>
X-Original-To: ukra
Delivered-To: ukra@localdomain
Received: by gbn.localdomain (Postfix, from userid 1000)
id 598DE3810FA; Tue, 22 Sep 2015 14:49:20 +0200 (CEST)
To: ukra@localdomain
Subject: Trying things
Message-Id: <[email protected]>
Date: Tue, 22 Sep 2015 14:49:20 +0200 (CEST)
From: ukra@localdomain
aasdfasf
ff
- - 34/35: ukra@localdomain Trying things -- (all)
```
and:
```
35 15-09-22 ukra@localdomai (0.1K) Trying things
-*-Mutt: ~/Maildir/ [Msgs:35 New:2 Old:1 Flag:2 Post:51 Inc:69 2
Return-Path: <ukra@localdomain>
X-Original-To: ukra
Delivered-To: ukra@localdomain
Received: by gbn.localdomain (Postfix, from userid 1000)
id 79A05381566; Tue, 22 Sep 2015 14:50:17 +0200 (CEST)
To: ukra@localdomain
Subject: Trying things
Message-Id: <[email protected]>
Date: Tue, 22 Sep 2015 14:50:17 +0200 (CEST)
From: ukra@localdomain
afa
afasdf
asdf
- - 35/35: ukra@localdomain Trying things -- (all)
```
And only in the third post will be the new entry for role ukrainian, subject /usr/bin/mail, so newbies can first try and think what is needed to do, and only then look up my solution.
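
A non-interactive counterpart to the Vim substitution at the top of this post, as an added example that is not part of the original post: it counts chdir audit lines per binary, then drops the same three Vim patterns while leaving the original log untouched. The sample lines are constructed, the text around `chdir to ... by ...` is an assumed grsecurity log layout, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: trim Vim chdir noise from a grsecurity audit excerpt.

# Constructed sample lines; the layout beyond "chdir to <dir> by <binary>"
# is an assumption, not copied from the poster's log.
sample_log() {
cat <<'EOF'
Sep 22 14:40:01 gbn kernel: grsec: chdir to /root by /usr/bin/vim[vim:2101] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:2050] uid/euid:0/0 gid/egid:0/0
Sep 22 14:40:01 gbn kernel: grsec: chdir to /etc/vim by /usr/bin/vim[vim:2101] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:2050] uid/euid:0/0 gid/egid:0/0
Sep 22 14:40:02 gbn kernel: grsec: chdir to /usr/share/vim/vim74 by /usr/bin/vim[vim:2101] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:2050] uid/euid:0/0 gid/egid:0/0
Sep 22 14:49:20 gbn kernel: grsec: exec of /usr/bin/mail (mail -s Trying things ukra ) by /bin/bash[bash:2300] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2250] uid/euid:1000/1000 gid/egid:1000/1000
Sep 22 14:49:21 gbn kernel: grsec: chdir to /var/spool/postfix by /usr/lib/postfix/qmgr[qmgr:2310] uid/euid:0/0 gid/egid:0/0, parent /usr/lib/postfix/master[master:2305] uid/euid:0/0 gid/egid:0/0
Sep 22 14:49:22 gbn kernel: grsec: chdir to /home/ukra by /bin/bash[bash:2300] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2250] uid/euid:1000/1000 gid/egid:1000/1000
EOF
}

# Same three alternatives as the Vim :%s pattern, written as an ERE.
NOISE_RE='chdir to (/root by /usr/bin/vim|/etc/vim by /usr/bin/vim|/usr/share/vim)'

# Which binaries produce the chdir lines? Run this before deciding what to cut.
chdir_by_binary() {
    awk '/grsec: chdir to / {
             # take the path after " by ", up to the "[comm:pid]" suffix
             if (match($0, / by [^[ ]+/))
                 n[substr($0, RSTART + 4, RLENGTH - 4)]++
         }
         END { for (b in n) print n[b], b }' | sort -rn
}

# Number of lines the filter would remove (prints 0 when nothing matches).
count_noise() { grep -Ec "$NOISE_RE" || true; }

# The excerpt with the Vim chdir lines removed; reads stdin, writes stdout.
filter_noise() { grep -Ev "$NOISE_RE"; }

sample_log | chdir_by_binary
echo "lines removed: $(sample_log | count_noise)"
sample_log | filter_noise
```

On a real system the same functions take the log on stdin, for example `filter_noise < /var/log/messages > excerpt.txt`.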