[Systrace] telnet policy generation

Ilya Voronin ivoronin at gmail.com
Sun Mar 6 14:34:04 EST 2005


On Mon, 28 Feb 2005 10:57:11 +0200, Kim Onnel <karim.adel at gmail.com> wrote:
> Hello,
> 
> I am trying to generate a policy rule for telnet, i did the following
> and got some error, kindly find below a log of it all.
> 
> -bash-3.00# systrace -A /usr/bin/telnet
> telnet> open
> (to) 172.31.1.1
> Trying 172.31.1.1...
> Connected to 172.31.1.1.
> Escape character is '^]'.
> 
> User Access Verification
> 
> Username: test
> Password:
> 
> RPMI>q
> Connection closed by foreign host.
> 
> -bash-3.00# ls /root/.systrace/
> tmp             usr_bin_telnet
> 
> -bash-3.00# cp /root/.systrace/ /etc/systrace/
> 
> -bash-3.00# cp /root/.systrace/usr_bin_telnet /etc/systrace/
> -bash-3.00# ls -alh /etc/systrace/usr_bin_telnet
> -rw-------  1 root  wheel   1.8K Feb 28 10:41 /etc/systrace/usr_bin_telnet
> -bash-3.00# chown root.bin /etc/systrace/usr_bin_telnet
> 
> -bash-3.00# chmod +x /etc/systrace/usr_bin_telnet
> -bash-3.00# ls -alh /etc/systrace/usr_bin_telnet
> -rwxrwxrwx  1 root  bin   1.8K Feb 28 10:41 /etc/systrace/usr_bin_telnet
> 
> and when i try to test :
> 
> $ telnet 172.31.1.1
> telnet: krb5_cc_get_principal: 1
> $
> 
> on the console:
> -bash-3.00# Feb 28 10:49:03 bastion2 systrace: deny user: test, prog:
> /usr/bin/telnet, pid: 5245(2)[11212], policy: /usr/bin/telnet,
> filters: 42, syscall: native-fsread(5), filename: /tmp/krb5cc_1001
This filename (/tmp/krb5cc_1001) may change. Check the policy and replace:
native-fsread: filename eq "/tmp/krb5cc_XXXX" then permit
with:
native-fsread: filename match "/tmp/krb5cc_*" then permit

-- 
ilya voronin <ivoronin at gmail.com>
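As an added illustration of the advice above (this is example code, not part of the thread or of systrace itself), the script below parses the kind of deny line that appeared on Kim's console, proposes a rule with the per-user UID suffix generalized to a glob, and then checks both the original `eq` rule and the `match` rule against deny lines from two different users. The log lines are constructed (the first is the one from the thread re-joined onto a single line); the regexes and helper names are my own; and Python's fnmatch is used as an approximation of systrace's `match`, so confirm against systrace(1) whether `*` also spans `/` there. The last helper shows why that detail matters: `/tmp/krb5cc_*` is wider than `/tmp/krb5cc_<uid>`, and a policy review should know exactly what it now permits.

```python
import fnmatch
import re

# Constructed sample log lines. The first is the deny line from the thread,
# re-joined onto one line; the second is a constructed line for another user
# whose Kerberos credential cache carries a different UID suffix.
SAMPLE_LOG = [
    "Feb 28 10:49:03 bastion2 systrace: deny user: test, prog: /usr/bin/telnet, "
    "pid: 5245(2)[11212], policy: /usr/bin/telnet, filters: 42, "
    "syscall: native-fsread(5), filename: /tmp/krb5cc_1001",
    "Feb 28 11:02:17 bastion2 systrace: deny user: alice, prog: /usr/bin/telnet, "
    "pid: 5301(2)[11240], policy: /usr/bin/telnet, filters: 42, "
    "syscall: native-fsread(5), filename: /tmp/krb5cc_1002",
]

# Field layout of a systrace deny line, as seen in the thread (my own regex).
DENY_RE = re.compile(
    r"systrace: deny user: (?P<user>\S+), prog: (?P<prog>\S+), pid: \S+, "
    r"policy: (?P<policy>\S+), filters: \d+, "
    r"syscall: (?P<syscall>[\w-]+)\(\d+\), filename: (?P<filename>\S+)"
)

# Minimal grammar for the two rule forms discussed: 'filename eq "..."' and
# 'filename match "..."', each followed by 'then permit'.
RULE_RE = re.compile(
    r'(?P<syscall>[\w-]+): filename (?P<op>eq|match) "(?P<pattern>[^"]+)" then permit'
)


def parse_deny(line):
    """Return the fields of a systrace deny log line, or None if it is not one."""
    m = DENY_RE.search(line)
    return m.groupdict() if m else None


def parse_rule(rule):
    """Split a permit rule into syscall, operator and pattern."""
    m = RULE_RE.fullmatch(rule.strip())
    if m is None:
        raise ValueError("unsupported rule syntax: %r" % rule)
    return m.groupdict()


def rule_permits(rule, syscall, filename):
    """Decide whether `rule` would permit `syscall` on `filename`.

    'eq' is an exact string compare; 'match' is approximated with fnmatch,
    an assumption about systrace semantics. Note that in Python's fnmatch a
    '*' also matches '/', so the glob is broader than a single directory."""
    r = parse_rule(rule)
    if r["syscall"] != syscall:
        return False
    if r["op"] == "eq":
        return r["pattern"] == filename
    return fnmatch.fnmatchcase(filename, r["pattern"])


def generalize_uid_suffix(filename):
    """Replace a trailing run of digits (the UID in krb5cc_<uid>) with '*'."""
    return re.sub(r"\d+$", "*", filename)


def propose_rule(line):
    """Turn one deny line into a 'match' permit rule with the UID generalized."""
    f = parse_deny(line)
    if f is None:
        return None
    return '%s: filename match "%s" then permit' % (
        f["syscall"], generalize_uid_suffix(f["filename"]))


def first_unpermitted(rule, lines):
    """Return the first deny line whose access `rule` would still not cover."""
    for line in lines:
        f = parse_deny(line)
        if f and not rule_permits(rule, f["syscall"], f["filename"]):
            return line
    return None


if __name__ == "__main__":
    eq_rule = 'native-fsread: filename eq "/tmp/krb5cc_1001" then permit'
    match_rule = propose_rule(SAMPLE_LOG[0])
    print("proposed:", match_rule)
    print("eq rule misses:", first_unpermitted(eq_rule, SAMPLE_LOG))
    print("match rule misses:", first_unpermitted(match_rule, SAMPLE_LOG))
```

Running it prints the proposed rule and shows that the `eq` rule still denies the second user's cache while the `match` rule covers both. Because the glob is wider than the exact name, keep the rest of the policy tight: the filename pattern only restricts the path, and the syscall name in front of it is what keeps this a read-only permission.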

