Mailing List Archive

Beginner @ grsecurity rbac
I want to start deploying rbac on already hardened servers, starting
with a server that handles only a few services to "see what happens".
I recompiled the kernel enabling rbac and I'm now ready to reboot.
But... will the default policy break my services until I come up with a
working policy, or at least until I start learning mode manually? Or is
the default policy liberal enough that it is more or less equivalent to
an "allow all" policy?
I'm still learning the syntax and semantics of the policy language so I
don't fully trust my own judgement at this point. ;)

Thanks in advance.
Re: Beginner @ grsecurity rbac
I think the default policy won't be enough for you.
You should first run RBAC in learning mode on your server for a while.
You can generate the learned rules based on the learning log.
You are also advised to go through the learned rules and make some
adjustments.
You can now enable RBAC, but you may still find some denials in your log.
You should accommodate the policy based on the remaining denials.

As the system gets regularly updated some components will behave
differently, so the policy should incorporate these changes from time to
time.

Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

On September 7, 2012 (Fri) at 10:37, Darknight wrote:
> I want to start deploying rbac on already hardened servers, starting
> with a server that handles only a few services to "see what happens".
> I recompiled the kernel enabling rbac and I'm now ready to reboot.
> But... will the default policy break my services until I come up with a
> working policy, or at least until I start learning mode manually? Or is
> the default policy liberal enough that it is more or less equivalent to
> an "allow all" policy?
> I'm still learning the syntax and semantics of the policy language so I
> don't fully trust my own judgement at this point. ;)
>
> Thanks in advance.
>
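
An added example, not part of the original thread, for the last step of the reply above (adjusting the policy from the denials that remain after RBAC is enabled): it tallies denial lines per role/subject, operation and object so the most frequent gaps are reviewed first. The log lines are constructed, and their layout, `grsec: (role:type:subject) denied <operation> of <object> ...`, is an assumption about how the kernel log reports RBAC denials; adjust the pattern to what your own log shows.

```shell
#!/usr/bin/env bash
# Added example: summarize RBAC denials from a kernel log.
export LC_ALL=C   # deterministic sort order

# Constructed sample log lines (not from a real system; layout is assumed).
sample_log() {
cat <<'EOF'
Sep  7 10:40:01 host kernel: grsec: (default:D:/usr/sbin/nginx) denied open of /etc/ssl/private/site.key for reading by /usr/sbin/nginx[nginx:2101] uid/euid:33/33 gid/egid:33/33
Sep  7 10:40:05 host kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Sep  7 10:41:12 host kernel: grsec: (default:D:/usr/sbin/sshd) denied open of /var/log/btmp for writing by /usr/sbin/sshd[sshd:1877] uid/euid:0/0 gid/egid:0/0
Sep  7 10:42:30 host kernel: grsec: (default:D:/usr/sbin/nginx) denied open of /etc/ssl/private/site.key for reading by /usr/sbin/nginx[nginx:2102] uid/euid:33/33 gid/egid:33/33
Sep  7 10:43:02 host kernel: grsec: (default:D:/usr/sbin/nginx) denied create of /var/cache/nginx/tmp01 for writing by /usr/sbin/nginx[nginx:2102] uid/euid:33/33 gid/egid:33/33
EOF
}

# Read log lines on stdin; print "count role:type:subject operation object",
# most frequent first. Lines that are not "denied <op> of <object>" are skipped.
summarize_denials() {
  sed -n -E 's/.*grsec: \(([^)]*)\) denied ([a-z_]+) of ([^ ]+) .*/\1 \2 \3/p' \
    | sort | uniq -c | sort -k1,1nr -k2 \
    | awk '{print $1, $2, $3, $4}'
}

# List each role:type:subject that still triggers at least one denial;
# these are the subjects whose policy entries need review.
denied_subjects() {
  summarize_denials | awk '{print $2}' | sort -u
}

# Demo on the constructed sample; on a real host, feed the kernel log instead,
# e.g. summarize_denials < /var/log/kern.log (path is an assumption).
sample_log | summarize_denials
```

Re-run the summary after each policy change and after system updates; a subject that reappears in the list is one whose behaviour has changed since the policy was written.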