From ivoronin at gmail.com Sun Mar 6 14:34:04 2005
From: ivoronin at gmail.com (Ilya Voronin)
Date: Sun Mar 6 21:38:32 2005
Subject: [Systrace] telnet policy generation

On Mon, 28 Feb 2005 10:57:11 +0200, Kim Onnel wrote:
> Hello,
>
> I am trying to generate a policy rule for telnet. I did the following
> and got some error; kindly find below a log of it all.
>
> -bash-3.00# systrace -A /usr/bin/telnet
> telnet> open
> (to) 172.31.1.1
> Trying 172.31.1.1...
> Connected to 172.31.1.1.
> Escape character is '^]'.
>
> User Access Verification
>
> Username: test
> Password:
>
> RPMI>q
> Connection closed by foreign host.
>
> -bash-3.00# ls /root/.systrace/
> tmp usr_bin_telnet
>
> -bash-3.00# cp /root/.systrace/ /etc/systrace/
>
> -bash-3.00# cp /root/.systrace/usr_bin_telnet /etc/systrace/
> -bash-3.00# ls -alh /etc/systrace/usr_bin_telnet
> -rw------- 1 root wheel 1.8K Feb 28 10:41 /etc/systrace/usr_bin_telnet
> -bash-3.00# chown root.bin /etc/systrace/usr_bin_telnet
>
> -bash-3.00# chmod +x /etc/systrace/usr_bin_telnet
> -bash-3.00# ls -alh /etc/systrace/usr_bin_telnet
> -rwxrwxrwx 1 root bin 1.8K Feb 28 10:41 /etc/systrace/usr_bin_telnet
>
> and when I try to test:
>
> $ telnet 172.31.1.1
> telnet: krb5_cc_get_principal: 1
> $
>
> on the console:
> -bash-3.00# Feb 28 10:49:03 bastion2 systrace: deny user: test, prog:
> /usr/bin/telnet, pid: 5245(2)[11212], policy: /usr/bin/telnet,
> filters: 42, syscall: native-fsread(5), filename: /tmp/krb5cc_1001

This filename (/tmp/krb5cc_1001) may change. Check the policy and replace:

native-fsread: filename eq "/tmp/krb5cc_XXXX" then permit

with:

native-fsread: filename match "/tmp/krb5cc_*" then permit

--
ilya voronin
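The reason the generated policy stops working is visible in the log line: the denied file is the Kerberos credential cache, whose name carries the UID of the user running telnet, so an exact-match (`eq`) rule recorded for one user does not match another user's cache. The small evaluator below is an added illustration, not systrace's own code or anything from this thread: it parses the two rule forms quoted in the reply and evaluates them against constructed credential-cache paths for two UIDs. It assumes that systrace's `match` operator behaves like shell-style globbing (modelled here with `fnmatch`) and that an unmatched call falls back to `deny`; both are assumptions of this example, not facts taken from the message.

```python
import fnmatch
import re

# Constructed sample rules: the first is the shape `systrace -A` records for a
# single run (exact match on the UID-specific cache name), the second is the
# wildcard form suggested in the reply.
POLICY_GENERATED = ['native-fsread: filename eq "/tmp/krb5cc_1001" then permit']
POLICY_FIXED = ['native-fsread: filename match "/tmp/krb5cc_*" then permit']

# Only filename-based rules with the eq/match operators are modelled here
# (assumption: this covers the two lines discussed, not the full grammar).
RULE_RE = re.compile(
    r'^(?P<syscall>[\w-]+):\s*filename\s+(?P<op>eq|match)\s+'
    r'"(?P<pattern>[^"]*)"\s+then\s+(?P<action>permit|deny)\s*$'
)


def parse_rule(line):
    """Split one systrace-style rule into syscall, operator, pattern, action."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    return m.groupdict()


def rule_matches(rule, filename):
    """'eq' is an exact string comparison; 'match' is modelled with
    fnmatch (assumption about systrace semantics).  Note that fnmatch's
    '*' also crosses '/', so a pattern can match deeper paths than a
    shell glob would."""
    if rule["op"] == "eq":
        return filename == rule["pattern"]
    return fnmatch.fnmatchcase(filename, rule["pattern"])


def evaluate(policy_lines, syscall, filename, default="deny"):
    """Return the action of the first rule for `syscall` whose filename
    clause matches, or `default` (deny, by assumption) if none does."""
    for line in policy_lines:
        rule = parse_rule(line)
        if rule["syscall"] == syscall and rule_matches(rule, filename):
            return rule["action"]
    return default


def check_cache_access(policy_lines, uids):
    """Evaluate native-fsread on each user's credential cache path and
    return a mapping uid -> permit/deny."""
    return {
        uid: evaluate(policy_lines, "native-fsread", f"/tmp/krb5cc_{uid}")
        for uid in uids
    }


if __name__ == "__main__":
    # UID 1001 is the one from the quoted log; 1002 is a constructed second user.
    for name, policy in (("generated", POLICY_GENERATED), ("fixed", POLICY_FIXED)):
        print(name, check_cache_access(policy, [1001, 1002]))
```

The generated rule permits only UID 1001 and denies the constructed UID 1002, which is the failure the log shows once the policy is used by anyone other than the user who recorded it; the wildcard rule permits both. The trade-off is that `/tmp/krb5cc_*` also covers every other user's cache file, so the rule is wider than the single file any one run needs; ordinary file permissions on the cache still apply, but the policy itself no longer pins the name.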