Mailing List Archive

gradm load cpu ~100% but can't build all ACL rules
Hello!

~20 hours after running

# gradm -F -L /etc/grsec/learning.logs -O /etc/grsec/

gradm has still not stopped.



PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
23513 root 20 0 288m 273m 1308 R 99,6 15,9 1008:37 gradm

This is the strace immediately after running gradm:

# strace -p 23513
Process 23513 attached
read(3, "usr/bin/python3.2\t/etc/cron.week"..., 16777216) = 16777216
read(3, "\t1\t1\t/etc/ssh/ssh_host_dsa_key\t1"..., 16777216) = 16777216
read(3, "sr/sbin/named\t/\t127.0.0.1\t53643\t"..., 16777216) = 16777216
read(3, "mpd\t/\t1\t1\t/bin/dash\t16\t0.0.0.0\nd"..., 16777216) = 16777216
read(3, "998\t/usr/lib64/nagios/plugins/ch"..., 16777216) = 16777216
read(3, "\t68\t107\t998\t/usr/sbin/nagios\t/\t1"..., 16777216) = 16777216
read(3, "/\t1\t1\t/usr/lib64/libasm.a\t16\t0.0"..., 16777216) = 16777216
read(3, "97\t/usr/sbin/ripd\t/\t172.16.16.2\t"..., 16777216) = 16777216
read(3, "usr/sbin/nagios\t/\t1\t1\t/var/nagio"..., 16777216) = 16777216
read(3, "bz.so.1.2.7\t17\t0.0.0.0\ndefault\t6"..., 16777216) = 16777216
read(3, "\t1\t/\t16\t0.0.0.0\ndefault\t68\t0\t0\t/"..., 16777216) = 16777216
read(3, "\t16\t0.0.0.0\ndefault\t68\t0\t0\t/usr/"..., 16777216) = 16777216
read(3, ".0\ndefault\t68\t107\t998\t/usr/lib64"..., 16777216) = 16777216
read(3, ".0\ndefault\t68\t0\t0\t/usr/libexec/p"..., 16777216) = 16777216
read(3, "7\t998\t/usr/bin/snmpget\t/\t1\t1\t/li"..., 16777216) = 16777216
read(3, "8.5\t/\t1\t1\t/usr/lib64/libeinfo.so"..., 16777216) = 16777216
read(3, "portage/app-editors/vim-7.3.762\t"..., 16777216) = 16777216
read(3, "/edb/dep/usr/portage/sys-kernel/"..., 16777216) = 16777216
read(3, "gins/check_ping\t/\t1\t1\t/etc/host."..., 16777216) = 16777216
read(3, "ault\t68\t0\t0\t/usr/sbin/cron\t/\t1\t1"..., 16777216) = 16777216
read(3, "s/plugins/check_ping\t/\t1\t1\t/usr/"..., 16777216) = 16777216
read(3, "1\t/usr/lib64/tcllib1.15/multiple"..., 16777216) = 16777216
read(3, "ck_ssh\t/\t127.0.0.1\t22\t1\t6\t2\t0.0."..., 16777216) = 16777216
read(3, "b64/libpthread-2.15.so\t17\t0.0.0."..., 16777216) = 16777216
read(3, "r/lib64/nagios/plugins/check_snm"..., 16777216) = 16777216
read(3, "sr/portage/app-shells/push-1.5\t1"..., 16777216) = 16777216
read(3, ".0.0\ndefault\t68\t107\t998\t/usr/bin"..., 16777216) = 16777216
read(3, "b64/tcllib1.15/soundex/pkgIndex."..., 16777216) = 16777216
read(3, "resolv-2.15.so\t8\t0.0.0.0\ndefault"..., 16777216) = 16777216
read(3, "/snmpget\t/\t1\t1\t/usr/share/snmp/m"..., 16777216) = 16777216
read(3, ".0\ndefault\t68\t0\t0\t/usr/bin/tclsh"..., 16777216) = 16777216
read(3, "s-2.15.so\t17\t0.0.0.0\ndefault\t68\t"..., 16777216) = 16777216
read(3, "ep/usr/portage/x11-drivers\t16\t0."..., 16777216) = 16777216
read(3, "on.weekly\t1\t1\t/var/cache/edb/dep"..., 16777216) = 16777216
read(3, "s/spool/checkresults/ceaNH06\t133"..., 16777216) = 16777216
read(3, "/bin/python3.2\t/\t1\t1\t/usr/lib64/"..., 16777216) = 16777216
^CProcess 23513 detached




and this is the strace ~20 hours later:

# time strace -p 23513
Process 23513 attached

^CProcess 23513 detached
strace -p 23513 0,00s user 0,00s system 0% cpu 3:37,59 total

# vdir -h /etc/grsec/learning.logs
-rw------- 1 root root 2,2G Nov 19 15:30 /etc/grsec/learning.logs

Any and all suggestions are welcome.


gradm log

Beginning full learning object reduction for subject /bin/rm...done.
Beginning full learning object reduction for subject /bin/su...done.
Beginning full learning object reduction for subject /bin/touch...done.
Beginning full learning object reduction for subject /bin/zsh...done.
Beginning full learning object reduction for subject /etc/cron.daily...done.
Beginning full learning object reduction for subject /etc/cron.weekly...done.
Beginning full learning object reduction for subject /etc/init.d/net.lo...done.
Beginning full learning object reduction for subject /lib64/dhcpcd/dhcpcd-run-hooks...done.
Beginning full learning object reduction for subject /sbin/dhcpcd...done.
Beginning full learning object reduction for subject /sbin/udevd...done.
Beginning full learning object reduction for subject /sbin/xtables-multi...done.
Beginning full learning object reduction for subject /usr/bin/bcfg2-report-collector-python2.7...done.
Beginning full learning object reduction for subject /usr/bin/bcfg2-server-python2.7...done.
Beginning full learning object reduction for subject /usr/bin/fail2ban-server...done.
Beginning full learning object reduction for subject /usr/bin/logger...done.
Beginning full learning object reduction for subject /usr/bin/python3.2...done.
Beginning full learning object reduction for subject /usr/bin/rsync...done.
Beginning full learning object reduction for subject /usr/bin/top...done.
Beginning full learning object reduction for subject /usr/bin/whois...done.
Beginning full learning object reduction for subject /usr/libexec/dovecot/auth...done.
Beginning full learning object reduction for subject /usr/libexec/dovecot/config...done.
Beginning full learning object reduction for subject /usr/libexec/dovecot/imap...done.
Beginning full learning object reduction for subject /usr/libexec/dovecot/imap-login...done.
Beginning full learning object reduction for subject /usr/libexec/dovecot/ssl-params...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/cleanup...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/local...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/master...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/pickup...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/smtp...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/smtpd...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/trivial-rewrite...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/verify...done.
Beginning full learning object reduction for subject /usr/sbin/apache2...done.
Beginning full learning object reduction for subject /usr/sbin/collectd...done.
Beginning full learning object reduction for subject /usr/sbin/cron...done.
Beginning full learning object reduction for subject /usr/sbin/dovecot...done.
Beginning full learning object reduction for subject /usr/sbin/ntpd...done.
Beginning full learning object reduction for subject /usr/sbin/postdrop...done.
Beginning full learning object reduction for subject /usr/sbin/ripd...done.
Beginning full learning object reduction for subject /usr/sbin/rsyslogd...done.
Beginning full learning object reduction for subject /usr/sbin/sendmail...done.
Beginning full learning object reduction for subject /usr/sbin/snmpd...done.
Beginning full learning object reduction for subject /usr/sbin/sshd...done.
Beginning full learning object reduction for subject /usr/sbin/zebra...done.
Beginning full learning object reduction for subject /etc/cron.daily...done.
Beginning full learning object reduction for subject /...done.
Beginning full learning object reduction for subject /usr/libexec/dovecot/auth...done.
Beginning full learning object reduction for subject /usr/libexec/dovecot/imap-login...done.
Beginning full learning object reduction for subject /...done.
Beginning full learning object reduction for subject /...done.
Beginning full learning object reduction for subject /usr/sbin/apache2...done.
Beginning full learning object reduction for subject /...done.
Beginning full learning object reduction for subject /bin/ip...done.
Beginning full learning object reduction for subject /bin/su...done.
Beginning full learning object reduction for subject /usr/bin/top...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/cleanup...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/pickup...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/qmgr...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/smtp...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/smtpd...done.
Beginning full learning object reduction for subject /usr/libexec/postfix/verify...done.
Beginning full learning object reduction for subject /usr/sbin/openvpn...done.
Beginning full learning object reduction for subject /...done.
Beginning full learning object reduction for subject /bin/ping...done.
Beginning full learning object reduction for subject /bin/ps...done.
Beginning full learning object reduction for subject /usr/bin/snmpget...done.
Beginning full learning object reduction for subject /usr/lib64/nagios/plugins/check_http...done.
Beginning full learning object reduction for subject /usr/lib64/nagios/plugins/check_ping...done.
Beginning full learning object reduction for subject /usr/lib64/nagios/plugins/check_ssh...done.
Beginning full learning object reduction for subject /usr/lib64/nagios/plugins/check_tcp...done.
Beginning full learning object reduction for subject /usr/sbin/nagios...