And I'm carefully treading now to not go wrong.
On 160426-23:39+0200, Miroslav Rovis wrote:
> Good news! The suggestion below...
>
...
>
> I already told you about the schedule...
>
> And I'll try and use the rest of your instructions, as can be read at:
>
> http://lists.cinelerra-cv.org/pipermail/cinelerra/2016q2/004678.html
>
> The remaining part [PASTING]:
>
> If this does not report errors, then run:
> make install >> log
This I used instead:
make install |& tee \
/var/log/no-portage-tmp/cinelerra-cv-gg_$(date +%y%m%d_%H%M)_make_install.log
And it gave me:
/var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.log
I actually used on top of that my method (primitive method, not very
useful here if one knew how this program is built, but useful here to
me, because it confirmed to me that all that "make install" (just not
two databases) produced, is in the /bin directory).
I'll post all in today's timestamped logs dir beside the yesterday's and
the one from the day before logs dir (it's a new day since maybe an
hour).
find / -xdev -name '*' > /root/FIND_cinelerra-cv-gg_$(date +%y%m%d_%H%M)_make_install_BEFOR
then the make install line of mine...
then:
find / -xdev -name '*' > /root/FIND_cinelerra-cv-gg_$(date +%y%m%d_%H%M)_make_install_AFTER
That got me:
/root/FIND_cinelerra-cv-gg_160427_0045_make_install_BEFOR
/root/FIND_cinelerra-cv-gg_160427_0046_make_install_AFTER
diff FIND_cinelerra-cv-gg_160427_0045_make_install_BEFOR \
FIND_cinelerra-cv-gg_160427_0046_make_install_AFTER | \
grep '> ' | sed 's/> //' | grep -vE '\/root\/|\/var\/log' > \
/var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.ls-1
That's the list of all the files installed (above).
The below produces me the long list of all the files installed.
for i in \
$(cat /var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.ls-1);
do if [ ! -d "$i" ] ; then ls -l $i >> \
/var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.ls-1.ls-l ;
fi ;
if [ -d "$i" ] ; then ls -ld $i >> \
/var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.ls-1.ls-l ;
fi ;
done;
And this gives me the hashes. So I know if anything is, say, compromised
in the future.
for i in $(cat \
/var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.ls-1);
do if [ ! -d "$i" ] ; then sha256sum $i >> \
/var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.ls-1.sum ;
fi ;
done;
I'll post all the above files on my NGO's website. Just wanted to relate
to you completely how I do it, in case there would be more hurdles ahead
of us. (And there are, as I'm proofreading before sending.)
>
> on the off chance that it actually builds on the first try, I would
> copy the bin directory to a good spot, and reset the file permissions
> to match the needed user/group etc...
>
> mkdir /opt
> cp -a /<build_path>/cinelerra5/cinelerra-5.1/lbin /opt/cin
That sure is a typo. It should read:
cp -a /<build_path>/cinelerra5/cinelerra-5.1/bin /opt/cin
(without the "l").
> chown -R "owner:group" /opt/cin
And there'll probably be some grsec-hardened RBAC policy learning, where
I also tread carefully (took me such a long time to learn to deploy
it!)...
So... Let me see...
cp -ia bin/ /opt/cin
chown -R miro:miro /opt/cin
And now I start cinelerra...
$ /opt/cin/cinelerra
bash: /opt/cin/cinelerra: Permission denied
$
Surely there'll be some grsec learning to do...
# gradm -S
The RBAC system is currently enabled.
gcn cinelerra-5.1 # gradm -D
Password:
gcn cinelerra-5.1 #
That's RBAC disabled...
Let's see now:
$ /opt/cin/cinelerra
bash: /opt/cin/cinelerra: Permission denied
$
Still no perms.
Let's see the logs...
Here's all of the last 4 minutes, some of it is unrelated... (but not
much)...
Apr 27 01:27:27 gcn kernel: [64641.781399] grsec: (admin:S:/) exec of
/bin/chown (chown -R miro:miro /opt/cin ) by /bin/chown[bash:2762]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0
gid/egid:0/0
Apr 27 01:27:30 gcn kernel: [64645.172084] grsec: (admin:S:/) exec of
/bin/ls (ls --color=auto -lR /opt/cin ) by /bin/ls[bash:2765]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0
gid/egid:0/0
Apr 27 01:27:35 gcn kernel: [64649.857577] grsec: (admin:S:/) exec of
/bin/ls (ls --color=auto -lR /opt/cin ) by /bin/ls[bash:2766]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0
gid/egid:0/0
Apr 27 01:27:35 gcn kernel: [64649.858204] grsec: (admin:S:/) exec of
/bin/grep (grep --colour=auto -v miro:miro ) by /bin/grep[bash:2767]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0
gid/egid:0/0
Apr 27 01:27:40 gcn kernel: [64654.827499] grsec: (admin:S:/) exec of
/bin/ls (ls --color=auto -lR /opt/cin ) by /bin/ls[bash:2768]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0
gid/egid:0/0
Apr 27 01:27:40 gcn kernel: [64654.828065] grsec: (admin:S:/) exec of
/bin/grep (grep --colour=auto -v miro miro ) by /bin/grep[bash:2769]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0
gid/egid:0/0
Apr 27 01:28:02 gcn kernel: [64677.511632] grsec: (admin:S:/) exec of
/bin/cat (cat ) by /bin/cat[bash:2770] uid/euid:0/0 gid/egid:0/0, parent
/bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0
Apr 27 01:28:21 gcn kernel: [64695.527041] grsec: (admin:S:/) exec of
/bin/cat (cat ) by /bin/cat[bash:2773] uid/euid:0/0 gid/egid:0/0, parent
/bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0
Apr 27 01:29:12 gcn kernel: [64746.570670] grsec: (admin:S:/) exec of
/bin/ls (ls --color=auto -l /opt/cin/ ) by /bin/ls[bash:2776]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0
gid/egid:0/0
Apr 27 01:29:14 gcn kernel: [64748.936640] grsec: (admin:S:/) exec of
/bin/ls (ls --color=auto -ltr /opt/cin/ ) by /bin/ls[bash:2778]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0
gid/egid:0/0
Apr 27 01:29:19 gcn kernel: [64754.200201] grsec: (admin:S:/) exec of
/usr/bin/file (file /opt/cin/cinelerra ) by /usr/bin/file[bash:2780]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0
gid/egid:0/0
Apr 27 01:29:51 gcn kernel: [64786.313172] grsec: (miro:U:/bin/bash)
denied execution of /opt/cin/cinelerra by /bin/bash[bash:2781]
uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549]
uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:29:51 gcn kernel: [64786.313299] grsec: (miro:U:/bin/bash)
denied open of /opt/cin/cinelerra for reading by /bin/bash[bash:2781]
uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549]
uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:30:01 gcn crond[2785]: setreuid failed: root 0
Apr 27 01:30:01 gcn crond[2785]: unable to ChangeUser (user root if test
-f /var/lib/lurker/db; then /usr/bin/lurker-prune; fi)
Apr 27 01:30:01 gcn kernel: [64796.431534] grsec:
(root:U:/usr/sbin/crond) change to uid 0 denied for
/usr/sbin/crond[crond:2785] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/crond[crond:2736] uid/euid:0/0 gid/egid:0/0
Apr 27 01:30:01 gcn crond[2736]: exit status 1 from user root if test -f
/var/lib/lurker/db; then /usr/bin/lurker-prune; fi
Apr 27 01:30:01 gcn crond[2784]: setreuid failed: root 0
Apr 27 01:30:01 gcn crond[2784]: unable to ChangeUser (user root test -x
/usr/sbin/run-crons && /usr/sbin/run-crons)
Apr 27 01:30:01 gcn kernel: [64796.432385] grsec:
(root:U:/usr/sbin/crond) change to uid 0 denied for
/usr/sbin/crond[crond:2784] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/crond[crond:2736] uid/euid:0/0 gid/egid:0/0
Apr 27 01:30:16 gcn crond[2736]: exit status 1 from user root test -x
/usr/sbin/run-crons && /usr/sbin/run-crons
Apr 27 01:30:31 gcn kernel: [64825.811373] grsec: (admin:S:/) exec of
/sbin/gradm (gradm -S ) by /sbin/gradm[bash:2792] uid/euid:0/0
gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0
Apr 27 01:30:32 gcn kernel: [64827.313880] grsec: (admin:S:/) exec of
/sbin/gradm (gradm -D ) by /sbin/gradm[bash:2795] uid/euid:0/0
gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0
Apr 27 01:30:35 gcn kernel: [64829.814050] grsec: shutdown auth success
for /sbin/gradm[gradm:2795] uid/euid:0/0 gid/egid:0/0, parent
/bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0
Apr 27 01:30:35 gcn kernel: [64829.827421] grsec: exec of /sbin/grlearn
(/sbin/grlearn -stop ) by /sbin/grlearn[gradm:2796] uid/euid:0/0
gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 27 01:30:41 gcn kernel: [64836.273454] grsec: exec of /bin/cat (cat
) by /bin/cat[bash:2797] uid/euid:0/0 gid/egid:0/0, parent
/bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0
Apr 27 01:30:48 gcn smartd[3091]: Device: /dev/sda [SAT], SMART Usage
Attribute: 190 Airflow_Temperature_Cel changed from 72 to 73
Apr 27 01:30:48 gcn smartd[3091]: Device: /dev/sda [SAT], SMART Usage
Attribute: 194 Temperature_Celsius changed from 28 to 27
Apr 27 01:31:09 gcn kernel: [64863.814563] grsec: denied untrusted exec
(due to being in untrusted group and file in non-root-owned directory)
of /opt/cin/cinelerra by /opt/cin/cinelerra[bash:2799]
uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549]
uid/euid:1000/1000 gid/egid:1000/1000
The last one will be easy:
# cat /proc/sys/kernel/grsecurity/tpe
1
# cat /proc/sys/kernel/grsecurity/tpe_restrict_all
1
# echo "0" > /proc/sys/kernel/grsecurity/tpe
# echo "0" > /proc/sys/kernel/grsecurity/tpe_restrict_all
# cat /proc/sys/kernel/grsecurity/tpe
0
# cat /proc/sys/kernel/grsecurity/tpe_restrict_all
0
#
And it's much better, but it still... freezes:
miro@gcn ~ $ /opt/cin/cinelerra
sh: pactl: command not found
Cinelerra 5.1 git://git.cinelerra-cv.org/goodguy/cinelerra.git (c)2015:
Adam Williams
Cinelerra is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions. There is absolutely no warranty for Cinelerra.
MESA-LOADER: could not create udev device for fd 5
MESA-LOADER: could not create udev device for fd 6
MESA-LOADER: could not create udev device for fd 6
init plugin index: /opt/cin/plugins
init ladspa index: /opt/cin/ladspa
MESA-LOADER: could not create udev device for fd 10
MESA-LOADER: could not create udev device for fd 11
MESA-LOADER: could not create udev device for fd 11
dbg_add, dup ffffffffffffffff 12BC_Clipboard 12BC_Clipboard
dbg_add, dup ffffffffffffffff 11CWindowTool 12BC_Clipboard
dbg_add, dup ffffffffffffffff 9CPlayback 12BC_Clipboard
And it shows the Cinelerra girl holding huge 5.1 notice, but it remains
at the small "Initializing Fonts" notice in bottom left.
And here are the logs:
Apr 27 01:33:28 gcn kernel: [65002.723399] grsec: exec of /bin/cat (cat
) by /bin/cat[bash:2802] uid/euid:0/0 gid/egid:0/0, parent
/bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0
Apr 27 01:34:52 gcn kernel: [65086.539066] grsec: exec of /bin/cat (cat
/proc/sys/kernel/grsecurity/tpe ) by /bin/cat[bash:2805] uid/euid:0/0
gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0
Apr 27 01:34:57 gcn kernel: [65092.205246] grsec: exec of /bin/cat (cat
/proc/sys/kernel/grsecurity/tpe_restrict_all ) by /bin/cat[bash:2809]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0
gid/egid:0/0
Apr 27 01:35:01 gcn kernel: [65096.305160] grsec: exec of /bin/cat (cat
/proc/sys/kernel/grsecurity/tpe ) by /bin/cat[bash:2812] uid/euid:0/0
gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0
Apr 27 01:35:03 gcn kernel: [65097.981897] grsec: exec of /bin/cat (cat
/proc/sys/kernel/grsecurity/tpe_restrict_all ) by /bin/cat[bash:2813]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0
gid/egid:0/0
Apr 27 01:35:15 gcn kernel: [65110.221354] grsec: exec of /bin/cat (cat
/proc/sys/kernel/grsecurity/tpe ) by /bin/cat[bash:2814] uid/euid:0/0
gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0
Apr 27 01:35:20 gcn kernel: [65115.255716] grsec: exec of /bin/cat (cat
/proc/sys/kernel/grsecurity/tpe_restrict_all ) by /bin/cat[bash:2817]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0
gid/egid:0/0
Apr 27 01:35:32 gcn kernel: [65126.681191] grsec: exec of /bin/cat (cat
) by /bin/cat[bash:2818] uid/euid:0/0 gid/egid:0/0, parent
/bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0
Apr 27 01:35:41 gcn kernel: [65135.538152] grsec: exec of
/opt/cin/cinelerra (/opt/cin/cinelerra ) by
/opt/cin/cinelerra[bash:2821] uid/euid:1000/1000 gid/egid:1000/1000,
parent /bin/bash[bash:3549] uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:35:41 gcn kernel: [65135.746122] grsec: exec of /bin/bash (sh
-c pactl list sinks ) by /bin/bash[cinelerra:2822] uid/euid:1000/1000
gid/egid:1000/1000, parent /opt/cin/cinelerra[cinelerra:2821]
uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:35:41 gcn kernel: [65135.902467] grsec: denied RWX mmap of
<anonymous mapping> by /opt/cin/cinelerra[cinelerra:2821]
uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549]
uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:35:41 gcn kernel: [65136.432813] grsec: denied RWX mmap of
<anonymous mapping> by /opt/cin/cinelerra[cinelerra:2821]
uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549]
uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:35:42 gcn kernel: [65136.551542] grsec: denied marking stack
executable as requested by PT_GNU_STACK marking in
/opt/cin/plugins/blending/chromakeyhsv.plugin by
/opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000
gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000
gid/egid:1000/1000
Apr 27 01:35:42 gcn kernel: [65136.713747] grsec: denied marking stack
executable as requested by PT_GNU_STACK marking in
/opt/cin/plugins/themes/theme_blond.plugin by
/opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000
gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000
gid/egid:1000/1000
Apr 27 01:35:42 gcn kernel: [65136.714057] grsec: more alerts, logging
disabled for 10 seconds
Apr 27 01:35:44 gcn kernel: [65138.937557] grsec: exec of /bin/bash (sh
-c find /opt/cin/plugins/fonts -name 'fonts.dir' -print -exec cat {} \;
) by /bin/bash[cinelerra:2823] uid/euid:1000/1000 gid/egid:1000/1000,
parent /opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000
gid/egid:1000/1000
Apr 27 01:35:44 gcn kernel: [65138.942376] grsec: exec of /usr/bin/find
(find /opt/cin/plugins/fonts -name fonts.dir -print -exec cat {} ; ) by
/usr/bin/find[sh:2823] uid/euid:1000/1000 gid/egid:1000/1000, parent
/opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:35:44 gcn kernel: [65138.945761] grsec: chdir to /home/miro by
/usr/bin/find[find:2824] uid/euid:1000/1000 gid/egid:1000/1000, parent
/usr/bin/find[find:2823] uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:35:44 gcn kernel: [65138.945932] grsec: exec of /bin/cat (cat
/opt/cin/plugins/fonts/fonts.dir ) by /bin/cat[find:2824]
uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/find[find:2823]
uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:35:44 gcn kernel: [65138.948499] grsec: chdir to /home/miro by
/usr/bin/find[find:2823] uid/euid:1000/1000 gid/egid:1000/1000, parent
/opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:36:08 gcn kernel: [65162.876214] grsec: exec of /usr/bin/urxvt
(urxvt -fn fixed ) by /usr/bin/urxvt[bash:2825] uid/euid:1000/1000
gid/egid:1000/1000, parent /bin/bash[bash:3528] uid/euid:1000/1000
gid/egid:1000/1000
Apr 27 01:36:08 gcn kernel: [65162.933469] grsec: exec of /bin/bash
(bash ) by /bin/bash[urxvt:2828] uid/euid:1000/1000 gid/egid:1000/1000,
parent /usr/bin/urxvt[urxvt:2825] uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:36:08 gcn kernel: [65162.941718] grsec: exec of
/usr/bin/dircolors (dircolors -b /etc/DIR_COLORS ) by
/usr/bin/dircolors[bash:2830] uid/euid:1000/1000 gid/egid:1000/1000,
parent /bin/bash[bash:2829] uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:36:08 gcn kernel: [65162.946065] grsec: exec of
/usr/bin/dircolors (dircolors -b ) by /usr/bin/dircolors[bash:2833]
uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2832]
uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:36:08 gcn kernel: [65162.951306] grsec: exec of
/usr/bin/dircolors (dircolors -b /etc/DIR_COLORS ) by
/usr/bin/dircolors[bash:2835] uid/euid:1000/1000 gid/egid:1000/1000,
parent /bin/bash[bash:2834] uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:36:08 gcn kernel: [65162.954851] grsec: exec of
/usr/bin/dircolors (dircolors -b ) by /usr/bin/dircolors[bash:2838]
uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2837]
uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:36:08 gcn kernel: [65162.959097] grsec: exec of
/usr/bin/setxkbmap (setxkbmap gb ) by /usr/bin/setxkbmap[bash:2839]
uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2828]
uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:36:08 gcn kernel: [65162.968559] grsec: exec of /bin/bash (sh
-c "/usr/bin/xkbcomp" -w 1 "-R/usr/share/X11/xkb" -xkm "-" -em1 "The
XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " ) by
/bin/bash[X:2840] uid/euid:1000/1000 gid/egid:1000/1000, parent
/usr/bin/Xorg[X:3514] uid/euid:1000/0 gid/egid:1000/1000
Apr 27 01:36:08 gcn kernel: [65162.972402] grsec: exec of
/usr/bin/xkbcomp (/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1
The XKEYBOARD keymap compiler (xkbcomp) reports: -emp > -eml Errors
from) by /usr/bin/xkbcomp[sh:2840] uid/euid:1000/1000
gid/egid:1000/1000, parent /usr/bin/Xorg[X:3514] uid/euid:1000/0
gid/egid:1000/1000
Apr 27 01:36:08 gcn kernel: [65162.974261] grsec: chdir to
/usr/share/X11/xkb by /usr/bin/xkbcomp[xkbcomp:2840] uid/euid:1000/1000
gid/egid:1000/1000, parent /usr/bin/Xorg[X:3514] uid/euid:1000/0
gid/egid:1000/1000
Apr 27 01:36:08 gcn kernel: [65163.003312] grsec: exec of /usr/bin/xset
(xset r rate 185 45 ) by /usr/bin/xset[bash:2841] uid/euid:1000/1000
gid/egid:1000/1000, parent /bin/bash[bash:2828] uid/euid:1000/1000
gid/egid:1000/1000
Apr 27 01:36:15 gcn kernel: [65169.779564] grsec: exec of /usr/bin/top
(top ) by /usr/bin/top[bash:2842] uid/euid:1000/1000 gid/egid:1000/1000,
parent /bin/bash[bash:2828] uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:40:01 gcn kernel: [65396.443640] grsec: chdir to /root by
/usr/sbin/crond[crond:2843] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/crond[crond:2736] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:01 gcn kernel: [65396.443867] grsec: exec of /bin/bash
(/bin/sh -c test -x /usr/sbin/run-crons && /usr/sbin/run-crons ) by
/bin/bash[crond:2843] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/crond[crond:2736] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:01 gcn kernel: [65396.497593] grsec: exec of
/usr/sbin/run-crons (/usr/sbin/run-crons ) by
/usr/sbin/run-crons[sh:2846] uid/euid:0/0 gid/egid:0/0, parent
/bin/bash[sh:2843] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:01 gcn kernel: [65396.503214] grsec: exec of /bin/ln (ln
-sn 2846 /var/lock/cron.hourly ) by /bin/ln[run-crons:2847] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0
gid/egid:0/0
Apr 27 01:40:01 gcn kernel: [65396.506166] grsec: exec of /usr/bin/find
(find /var/spool/cron/lastrun/ -name cron.hourly -cmin +65 -exec rm {} ;
) by /usr/bin/find[run-crons:2848] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:01 gcn kernel: [65396.508626] grsec: chdir to /root by
/usr/bin/find[find:2849] uid/euid:0/0 gid/egid:0/0, parent
/usr/bin/find[find:2848] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:01 gcn kernel: [65396.508811] grsec: exec of /bin/rm (rm
/var/spool/cron/lastrun/cron.hourly ) by /bin/rm[find:2849] uid/euid:0/0
gid/egid:0/0, parent /usr/bin/find[find:2848] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:01 gcn kernel: [65396.509775] grsec: chdir to /root by
/usr/bin/find[find:2848] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:01 gcn kernel: [65396.511169] grsec: exec of /bin/touch
(touch /var/spool/cron/lastrun/cron.hourly ) by
/bin/touch[run-crons:2850] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:01 gcn kernel: [65396.513833] grsec: exec of /bin/rm (rm -f
/var/lock/cron.hourly ) by /bin/rm[run-crons:2851] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0
gid/egid:0/0
Apr 27 01:40:01 gcn kernel: [65396.515752] grsec: exec of /bin/ln (ln
-sn 2846 /var/lock/cron.daily ) by /bin/ln[run-crons:2852] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0
gid/egid:0/0
Apr 27 01:40:01 gcn kernel: [65396.517915] grsec: exec of /usr/bin/find
(find /var/spool/cron/lastrun/ -name cron.daily -cmin +1445 -exec rm {}
; ) by /usr/bin/find[run-crons:2853] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:01 gcn kernel: [65396.519196] grsec: chdir to /root by
/usr/bin/find[find:2853] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:01 gcn kernel: [65396.520249] grsec: exec of /bin/rm (rm -f
/var/lock/cron.daily ) by /bin/rm[run-crons:2854] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0
gid/egid:0/0
Apr 27 01:40:02 gcn kernel: [65396.522345] grsec: exec of /bin/ln (ln
-sn 2846 /var/lock/cron.weekly ) by /bin/ln[run-crons:2855] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0
gid/egid:0/0
Apr 27 01:40:02 gcn kernel: [65396.524472] grsec: exec of /usr/bin/find
(find /var/spool/cron/lastrun/ -name cron.weekly -cmin +10085 -exec rm
{} ; ) by /usr/bin/find[run-crons:2856] uid/euid:0/0 gid/egid:0/0,
parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:02 gcn kernel: [65396.525886] grsec: chdir to /root by
/usr/bin/find[find:2856] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:02 gcn kernel: [65396.527211] grsec: exec of /bin/rm (rm -f
/var/lock/cron.weekly ) by /bin/rm[run-crons:2857] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0
gid/egid:0/0
Apr 27 01:40:02 gcn kernel: [65396.529376] grsec: exec of /bin/ln (ln
-sn 2846 /var/lock/cron.monthly ) by /bin/ln[run-crons:2858]
uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846]
uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:02 gcn kernel: [65396.531750] grsec: exec of /usr/bin/find
(find /var/spool/cron/lastrun/ -name cron.monthly -cmin +44645 -exec rm
{} ; ) by /usr/bin/find[run-crons:2860] uid/euid:0/0 gid/egid:0/0,
parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:02 gcn kernel: [65396.533329] grsec: chdir to /root by
/usr/bin/find[find:2860] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:02 gcn kernel: [65396.534368] grsec: exec of /bin/touch
(touch /var/spool/cron/lastrun ) by /bin/touch[run-crons:2861]
uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846]
uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:02 gcn kernel: [65396.536486] grsec: exec of /usr/bin/find
(find /var/spool/cron/lastrun/ -newer /var/spool/cron/lastrun -exec
/bin/rm -f {} ; ) by /usr/bin/find[run-crons:2862] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0
gid/egid:0/0
Apr 27 01:40:02 gcn kernel: [65396.537982] grsec: chdir to /root by
/usr/bin/find[find:2862] uid/euid:0/0 gid/egid:0/0, parent
/usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0
Apr 27 01:40:02 gcn kernel: [65396.539029] grsec: exec of /bin/rm (rm -f
/var/lock/cron.monthly ) by /bin/rm[run-crons:2863] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0
gid/egid:0/0
And here we actually reach to where it's pretty high brow...
I'll rush to send you this, I'm sure you're eager to know too...
--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
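
The before/after snapshot, diff and hashing procedure described in the message above, as an added example that is not part of the original post. It reads the file list line by line so that paths containing spaces are hashed correctly, and adds the later verification step. The function names and the temporary demo tree (a stand-in for "make install") are constructed for illustration.

```sh
#!/bin/sh
# Added example: record what an install step created, hash it, verify it later.
# Paths are handled one per line, so file names containing newlines are not supported.

# snapshot ROOT OUT: sorted list of every path under ROOT, staying on one filesystem.
snapshot() {
    find "$1" -xdev -print | LC_ALL=C sort > "$2"
}

# new_paths BEFORE AFTER: print the paths that exist only in the AFTER snapshot.
new_paths() {
    LC_ALL=C comm -13 "$1" "$2"
}

# hash_manifest LIST OUT: write a sha256sum line for every regular file in LIST.
# Directories and symlinks are skipped; "$p" stays quoted so spaces survive.
hash_manifest() {
    : > "$2"
    while IFS= read -r p; do
        if [ -f "$p" ] && [ ! -L "$p" ]; then
            sha256sum -- "$p" >> "$2"
        fi
    done < "$1"
}

# verify_manifest SUMS: succeed only if every listed file still matches its hash.
verify_manifest() {
    LC_ALL=C sha256sum -c "$1" > /dev/null 2>&1
}

# changed_files SUMS: print the files that are missing or no longer match.
changed_files() {
    LC_ALL=C sha256sum -c "$1" 2> /dev/null | sed -n 's/: FAILED.*$//p'
}

# demo: constructed tree under a temp dir; the snapshot files live outside the
# scanned prefix, so they never show up in the list of installed paths.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/prefix/bin"
    snapshot "$work/prefix" "$work/before"
    printf 'binary-v1\n' > "$work/prefix/bin/cinelerra"      # stand-in for make install
    printf 'plugin\n'    > "$work/prefix/bin/my plugin.so"   # name with a space
    snapshot "$work/prefix" "$work/after"
    new_paths "$work/before" "$work/after" > "$work/installed.list"
    hash_manifest "$work/installed.list" "$work/installed.sum"
    verify_manifest "$work/installed.sum" && echo "baseline verified"
    printf 'tampered\n' > "$work/prefix/bin/cinelerra"       # later modification
    verify_manifest "$work/installed.sum" ||
        echo "changed: $(changed_files "$work/installed.sum")"
    rm -rf "$work"
}
demo
```

The manifest is only useful for detecting later changes if the `.sum` file itself is kept somewhere the installed files' owner cannot write.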
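
A filter for the kernel logs quoted in the message above, added here as an example and not part of the original post: it drops the routine "exec of" and "chdir to" audit entries and keeps only the grsec denials, with the acting binary and uid. The sample entries are copied from the message and unwrapped to one per line; the function names and the kind labels (`rbac` for entries carrying a `(role:type:subject)` prefix, `tpe`, `rwx-mmap`, `exec-stack`, `suppressed`) are this example's own.

```sh
#!/bin/sh
# Added example: extract grsecurity denials from a noisy syslog stream.

# sample_log: entries from the message above, one log entry per line.
sample_log() {
cat <<'EOF'
Apr 27 01:29:19 gcn kernel: [64754.200201] grsec: (admin:S:/) exec of /usr/bin/file (file /opt/cin/cinelerra ) by /usr/bin/file[bash:2780] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0
Apr 27 01:29:51 gcn kernel: [64786.313172] grsec: (miro:U:/bin/bash) denied execution of /opt/cin/cinelerra by /bin/bash[bash:2781] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:30:01 gcn kernel: [64796.431534] grsec: (root:U:/usr/sbin/crond) change to uid 0 denied for /usr/sbin/crond[crond:2785] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/crond[crond:2736] uid/euid:0/0 gid/egid:0/0
Apr 27 01:31:09 gcn kernel: [64863.814563] grsec: denied untrusted exec (due to being in untrusted group and file in non-root-owned directory) of /opt/cin/cinelerra by /opt/cin/cinelerra[bash:2799] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:35:41 gcn kernel: [65135.902467] grsec: denied RWX mmap of <anonymous mapping> by /opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:35:42 gcn kernel: [65136.551542] grsec: denied marking stack executable as requested by PT_GNU_STACK marking in /opt/cin/plugins/blending/chromakeyhsv.plugin by /opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000 gid/egid:1000/1000
Apr 27 01:35:42 gcn kernel: [65136.714057] grsec: more alerts, logging disabled for 10 seconds
EOF
}

# grsec_denials [FILE]: print "kind<TAB>actor<TAB>uid<TAB>detail" for each denial.
# A "suppressed" row means grsec rate-limited its log, so denials are missing.
grsec_denials() {
    awk '
    BEGIN { OFS = "\t" }
    / grsec: / {
        msg = $0; sub(/^.* grsec: /, "", msg)
        if (msg ~ /^more alerts, logging disabled/) {
            print "suppressed", "-", "-", msg; next
        }
        role = ""
        if (match(msg, /^\([^)]*\) /)) {            # RBAC (role:type:subject) prefix
            role = substr(msg, 2, RLENGTH - 3); msg = substr(msg, RLENGTH + 1)
        }
        if (msg !~ /^denied / && msg !~ / denied for /) next   # plain audit entry
        if (role != "")                                   kind = "rbac"
        else if (msg ~ /^denied untrusted exec/)          kind = "tpe"
        else if (msg ~ /^denied RWX mmap/)                kind = "rwx-mmap"
        else if (msg ~ /^denied marking stack executable/) kind = "exec-stack"
        else                                              kind = "other"
        actor = "?"; uid = "?"; detail = msg
        if (match(msg, / (by|for) \/[^[ ]*\[/)) {   # acting binary, then its uid
            detail = substr(msg, 1, RSTART - 1)
            actor = substr(msg, RSTART, RLENGTH - 1); sub(/^ (by|for) /, "", actor)
            rest = substr(msg, RSTART + RLENGTH)
            if (match(rest, /uid\/euid:[0-9]+/)) uid = substr(rest, RSTART + 9, RLENGTH - 9)
        }
        if (role != "") detail = detail " [role " role "]"
        print kind, actor, uid, detail
    }' "$@"
}

# grsec_denial_counts [FILE]: one line such as "rbac=2 tpe=1", sorted by kind.
grsec_denial_counts() {
    grsec_denials "$@" | cut -f1 | LC_ALL=C sort | uniq -c |
        awk '{ sep = (NR > 1) ? " " : ""; s = s sep $2 "=" $1 } END { print s }'
}

sample_log | grsec_denials
```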