From lurker-index@localhost Wed Apr 27 08:38:00 2016 Date: Wed, 27 Apr 2016 08:38:00 +0200 From: Miroslav Rovis To: cinelerra@lists.cinelerra-cv.org Subject: [miro.rovis@croatiafidelis.hr: Re: [CinCV TNG] Building in Gentoo Message-ID: <20160427063800.GI30714@g0n> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="QnBU6tTI9sljzm9u" Content-Disposition: inline User-Agent: Mutt/1.5.23+116 (55ea6e829b46) (2014-03-12) --QnBU6tTI9sljzm9u Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable A note about this forwarded message: I'm not a dev, and I had composed it in a hurry ;-) ... ----- Forwarded message from Miroslav Rovis = ----- Date: Wed, 27 Apr 2016 01:01:16 +0200 =46rom: Miroslav Rovis To: Good Guy , f@gcn.xdwgrp Subject: Re: [CinCV TNG] Building in Gentoo And I'm carefully threading now to not go wrong. On 160426-23:39+0200, Miroslav Rovis wrote: > Good news! The suggestion below... >=20 =2E.. >=20 > I already told you about the schedule... >=20 > And I'll try and use the rest of your instructions, as can be read at: >=20 > http://lists.cinelerra-cv.org/pipermail/cinelerra/2016q2/004678.html >=20 > The remaining part [PASTING]: >=20 > If this does not report errors, then run: > make install >> log This I used instead: make install |& tee \ /var/log/no-portage-tmp/cinelerra-cv-gg_$(date +%y%m%d_%H%M)_make_install.l= og And it gave me: /var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.log I actually used on top of that my method (primitive method, not very useful here if one knew how this program is built, but useful here to me, because it confirmed to me that all that "make install" (just not two databases) produced, is in the /bin directory). I'll post all in today's timestamped logs dir beside the yesterday's and the one from the day before logs dir (it's a new day sine maybe an hour). find / -xdev -name '*' > /root/FIND_cinelerra-cv-gg_$(date +%y%m%d_%H%M)_ma= ke_install_BEFOR then the make install line of mine... then: find / -xdev -name '*' > /root/FIND_cinelerra-cv-gg_$(date +%y%m%d_%H%M)_ma= ke_install_AFTER That got me: /root/FIND_cinelerra-cv-gg_160427_0045_make_install_BEFOR /root/FIND_cinelerra-cv-gg_160427_0046_make_install_AFTER diff FIND_cinelerra-cv-gg_160427_0045_make_install_BEFOR \ FIND_cinelerra-cv-gg_160427_0046_make_install_AFTER | \ grep '> ' | sed 's/> //' | grep -vE '\/root\/|\/var\/log' > \ /var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.ls-1 That's the list of all the files installed (above). The below produces me the long list of all the files installed. for i in \ $(cat /var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.ls-1= ); do if [ ! -d "$i" ] ; then ls -l $i >> \ /var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.ls-1.ls-l ; fi ;=20 if [ -d "$i" ] ; then ls -ld $i >> \ /var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.ls-1.ls-l ; fi ; done; And this gives me the hashes. So I know if anything is, say, comprimised in the future. for i in $(cat \ /var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.ls-1); do if [ ! -d "$i" ] ; then sha256sum $i >> \ /var/log/no-portage-tmp/cinelerra-cv-gg_160427_0046_make_install.ls-1.sum ; fi ; done; I'll post all the above files on my NGO's website. Just wanted to relate to you completely how I do it, in case there would be more hurdles ahead of us. (And there are, as I'm proofreading before sending.) >=20 > on the oft chance that it actually builds on the first try, I would > copy the bin directory to a a good spot, and reset the file permissions > to match the needed user/group etc... >=20 > mkdir /opt > cp -a //cinelerra5/cinelerra-5.1/lbin /opt/cin That sure is a typo. It should read: cp -a //cinelerra5/cinelerra-5.1/bin /opt/cin (without the "l"). > chown -R "owner:group" /opt/cin And there'll probably be some grsec-hardened RBAC policy learning, where I also thread carefully (took me such long time to learn to deploy it!)... So... Let me se... cp -ia bin/ /opt/cin chown -R miro:miro /opt/cin And now I start cinelerra... $ /opt/cin/cinelerra=20 bash: /opt/cin/cinelerra: Permission denied $ Surely there'll be some grsec learning to do... # gradm -S The RBAC system is currently enabled. gcn cinelerra-5.1 # gradm -D Password:=20 gcn cinelerra-5.1 #=20 That's RBAC disabled... Let's see now: $ /opt/cin/cinelerra=20 bash: /opt/cin/cinelerra: Permission denied $ Still no perms. Let's see the logs... Here's all of the last 4 minutes, some of it is unrelated... (but not much)... Apr 27 01:27:27 gcn kernel: [64641.781399] grsec: (admin:S:/) exec of /bin/chown (chown -R miro:miro /opt/cin ) by /bin/chown[bash:2762] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:27:30 gcn kernel: [64645.172084] grsec: (admin:S:/) exec of /bin/ls (ls --color=3Dauto -lR /opt/cin ) by /bin/ls[bash:2765] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:27:35 gcn kernel: [64649.857577] grsec: (admin:S:/) exec of /bin/ls (ls --color=3Dauto -lR /opt/cin ) by /bin/ls[bash:2766] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:27:35 gcn kernel: [64649.858204] grsec: (admin:S:/) exec of /bin/grep (grep --colour=3Dauto -v miro:miro ) by /bin/grep[bash:2767] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:27:40 gcn kernel: [64654.827499] grsec: (admin:S:/) exec of /bin/ls (ls --color=3Dauto -lR /opt/cin ) by /bin/ls[bash:2768] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:27:40 gcn kernel: [64654.828065] grsec: (admin:S:/) exec of /bin/grep (grep --colour=3Dauto -v miro miro ) by /bin/grep[bash:2769] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:28:02 gcn kernel: [64677.511632] grsec: (admin:S:/) exec of /bin/cat (cat ) by /bin/cat[bash:2770] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:28:21 gcn kernel: [64695.527041] grsec: (admin:S:/) exec of /bin/cat (cat ) by /bin/cat[bash:2773] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:29:12 gcn kernel: [64746.570670] grsec: (admin:S:/) exec of /bin/ls (ls --color=3Dauto -l /opt/cin/ ) by /bin/ls[bash:2776] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:29:14 gcn kernel: [64748.936640] grsec: (admin:S:/) exec of /bin/ls (ls --color=3Dauto -ltr /opt/cin/ ) by /bin/ls[bash:2778] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:29:19 gcn kernel: [64754.200201] grsec: (admin:S:/) exec of /usr/bin/file (file /opt/cin/cinelerra ) by /usr/bin/file[bash:2780] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:29:51 gcn kernel: [64786.313172] grsec: (miro:U:/bin/bash) denied execution of /opt/cin/cinelerra by /bin/bash[bash:2781] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:29:51 gcn kernel: [64786.313299] grsec: (miro:U:/bin/bash) denied open of /opt/cin/cinelerra for reading by /bin/bash[bash:2781] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:30:01 gcn crond[2785]: setreuid failed: root 0 Apr 27 01:30:01 gcn crond[2785]: unable to ChangeUser (user root if test -f /var/lib/lurker/db; then /usr/bin/lurker-prune; fi) Apr 27 01:30:01 gcn kernel: [64796.431534] grsec: (root:U:/usr/sbin/crond) change to uid 0 denied for /usr/sbin/crond[crond:2785] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/crond[crond:2736] uid/euid:0/0 gid/egid:0/0 Apr 27 01:30:01 gcn crond[2736]: exit status 1 from user root if test -f /var/lib/lurker/db; then /usr/bin/lurker-prune; fi Apr 27 01:30:01 gcn crond[2784]: setreuid failed: root 0 Apr 27 01:30:01 gcn crond[2784]: unable to ChangeUser (user root test -x /usr/sbin/run-crons && /usr/sbin/run-crons) Apr 27 01:30:01 gcn kernel: [64796.432385] grsec: (root:U:/usr/sbin/crond) change to uid 0 denied for /usr/sbin/crond[crond:2784] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/crond[crond:2736] uid/euid:0/0 gid/egid:0/0 Apr 27 01:30:16 gcn crond[2736]: exit status 1 from user root test -x /usr/sbin/run-crons && /usr/sbin/run-crons Apr 27 01:30:31 gcn kernel: [64825.811373] grsec: (admin:S:/) exec of /sbin/gradm (gradm -S ) by /sbin/gradm[bash:2792] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:30:32 gcn kernel: [64827.313880] grsec: (admin:S:/) exec of /sbin/gradm (gradm -D ) by /sbin/gradm[bash:2795] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:30:35 gcn kernel: [64829.814050] grsec: shutdown auth success for /sbin/gradm[gradm:2795] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:30:35 gcn kernel: [64829.827421] grsec: exec of /sbin/grlearn (/sbin/grlearn -stop ) by /sbin/grlearn[gradm:2796] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 Apr 27 01:30:41 gcn kernel: [64836.273454] grsec: exec of /bin/cat (cat ) by /bin/cat[bash:2797] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:30:48 gcn smartd[3091]: Device: /dev/sda [SAT], SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 72 to 73 Apr 27 01:30:48 gcn smartd[3091]: Device: /dev/sda [SAT], SMART Usage Attribute: 194 Temperature_Celsius changed from 28 to 27 Apr 27 01:31:09 gcn kernel: [64863.814563] grsec: denied untrusted exec (due to being in untrusted group and file in non-root-owned directory) of /opt/cin/cinelerra by /opt/cin/cinelerra[bash:2799] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000 gid/egid:1000/1000 The last one will be easy: # cat /proc/sys/kernel/grsecurity/tpe 1 # cat /proc/sys/kernel/grsecurity/tpe_restrict_all=20 1 # echo "0" > /proc/sys/kernel/grsecurity/tpe # echo "0" > /proc/sys/kernel/grsecurity/tpe_restrict_all=20 # cat /proc/sys/kernel/grsecurity/tpe 0 # cat /proc/sys/kernel/grsecurity/tpe_restrict_all=20 0 #=20 And it's much better, but it still... freezes: miro@gcn ~ $ /opt/cin/cinelerra=20 sh: pactl: command not found Cinelerra 5.1 git://git.cinelerra-cv.org/goodguy/cinelerra.git (c)2015: Adam Williams Cinelerra is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. There is absolutely no warranty for Cinelerra. MESA-LOADER: could not create udev device for fd 5 MESA-LOADER: could not create udev device for fd 6 MESA-LOADER: could not create udev device for fd 6 init plugin index: /opt/cin/plugins init ladspa index: /opt/cin/ladspa MESA-LOADER: could not create udev device for fd 10 MESA-LOADER: could not create udev device for fd 11 MESA-LOADER: could not create udev device for fd 11 dbg_add, dup ffffffffffffffff 12BC_Clipboard 12BC_Clipboard dbg_add, dup ffffffffffffffff 11CWindowTool 12BC_Clipboard dbg_add, dup ffffffffffffffff 9CPlayback 12BC_Clipboard And it shows the Cinelerra girl holding huge 5.1 notice, but it remains at the small "Initializing Fonts" notice in bottom left. And here are the logs: Apr 27 01:33:28 gcn kernel: [65002.723399] grsec: exec of /bin/cat (cat ) by /bin/cat[bash:2802] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:34:52 gcn kernel: [65086.539066] grsec: exec of /bin/cat (cat /proc/sys/kernel/grsecurity/tpe ) by /bin/cat[bash:2805] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:34:57 gcn kernel: [65092.205246] grsec: exec of /bin/cat (cat /proc/sys/kernel/grsecurity/tpe_restrict_all ) by /bin/cat[bash:2809] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:35:01 gcn kernel: [65096.305160] grsec: exec of /bin/cat (cat /proc/sys/kernel/grsecurity/tpe ) by /bin/cat[bash:2812] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:35:03 gcn kernel: [65097.981897] grsec: exec of /bin/cat (cat /proc/sys/kernel/grsecurity/tpe_restrict_all ) by /bin/cat[bash:2813] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:35:15 gcn kernel: [65110.221354] grsec: exec of /bin/cat (cat /proc/sys/kernel/grsecurity/tpe ) by /bin/cat[bash:2814] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:35:20 gcn kernel: [65115.255716] grsec: exec of /bin/cat (cat /proc/sys/kernel/grsecurity/tpe_restrict_all ) by /bin/cat[bash:2817] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:35:32 gcn kernel: [65126.681191] grsec: exec of /bin/cat (cat ) by /bin/cat[bash:2818] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3278] uid/euid:0/0 gid/egid:0/0 Apr 27 01:35:41 gcn kernel: [65135.538152] grsec: exec of /opt/cin/cinelerra (/opt/cin/cinelerra ) by /opt/cin/cinelerra[bash:2821] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:35:41 gcn kernel: [65135.746122] grsec: exec of /bin/bash (sh -c pactl list sinks ) by /bin/bash[cinelerra:2822] uid/euid:1000/1000 gid/egid:1000/1000, parent /opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:35:41 gcn kernel: [65135.902467] grsec: denied RWX mmap of by /opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:35:41 gcn kernel: [65136.432813] grsec: denied RWX mmap of by /opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:35:42 gcn kernel: [65136.551542] grsec: denied marking stack executable as requested by PT_GNU_STACK marking in /opt/cin/plugins/blending/chromakeyhsv.plugin by /opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:35:42 gcn kernel: [65136.713747] grsec: denied marking stack executable as requested by PT_GNU_STACK marking in /opt/cin/plugins/themes/theme_blond.plugin by /opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3549] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:35:42 gcn kernel: [65136.714057] grsec: more alerts, logging disabled for 10 seconds Apr 27 01:35:44 gcn kernel: [65138.937557] grsec: exec of /bin/bash (sh -c find /opt/cin/plugins/fonts -name 'fonts.dir' -print -exec cat {} \; ) by /bin/bash[cinelerra:2823] uid/euid:1000/1000 gid/egid:1000/1000, parent /opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:35:44 gcn kernel: [65138.942376] grsec: exec of /usr/bin/find (find /opt/cin/plugins/fonts -name fonts.dir -print -exec cat {} ; ) by /usr/bin/find[sh:2823] uid/euid:1000/1000 gid/egid:1000/1000, parent /opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:35:44 gcn kernel: [65138.945761] grsec: chdir to /home/miro by /usr/bin/find[find:2824] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/find[find:2823] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:35:44 gcn kernel: [65138.945932] grsec: exec of /bin/cat (cat /opt/cin/plugins/fonts/fonts.dir ) by /bin/cat[find:2824] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/find[find:2823] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:35:44 gcn kernel: [65138.948499] grsec: chdir to /home/miro by /usr/bin/find[find:2823] uid/euid:1000/1000 gid/egid:1000/1000, parent /opt/cin/cinelerra[cinelerra:2821] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:36:08 gcn kernel: [65162.876214] grsec: exec of /usr/bin/urxvt (urxvt -fn fixed ) by /usr/bin/urxvt[bash:2825] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3528] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:36:08 gcn kernel: [65162.933469] grsec: exec of /bin/bash (bash ) by /bin/bash[urxvt:2828] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/urxvt[urxvt:2825] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:36:08 gcn kernel: [65162.941718] grsec: exec of /usr/bin/dircolors (dircolors -b /etc/DIR_COLORS ) by /usr/bin/dircolors[bash:2830] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2829] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:36:08 gcn kernel: [65162.946065] grsec: exec of /usr/bin/dircolors (dircolors -b ) by /usr/bin/dircolors[bash:2833] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2832] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:36:08 gcn kernel: [65162.951306] grsec: exec of /usr/bin/dircolors (dircolors -b /etc/DIR_COLORS ) by /usr/bin/dircolors[bash:2835] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2834] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:36:08 gcn kernel: [65162.954851] grsec: exec of /usr/bin/dircolors (dircolors -b ) by /usr/bin/dircolors[bash:2838] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2837] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:36:08 gcn kernel: [65162.959097] grsec: exec of /usr/bin/setxkbmap (setxkbmap gb ) by /usr/bin/setxkbmap[bash:2839] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2828] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:36:08 gcn kernel: [65162.968559] grsec: exec of /bin/bash (sh -c "/usr/bin/xkbcomp" -w 1 "-R/usr/share/X11/xkb" -xkm "-" -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " ) by /bin/bash[X:2840] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/Xorg[X:3514] uid/euid:1000/0 gid/egid:1000/1000 Apr 27 01:36:08 gcn kernel: [65162.972402] grsec: exec of /usr/bin/xkbcomp (/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 The XKEYBOARD keymap compiler (xkbcomp) reports: -emp > -eml Errors =66rom) by /usr/bin/xkbcomp[sh:2840] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/Xorg[X:3514] uid/euid:1000/0 gid/egid:1000/1000 Apr 27 01:36:08 gcn kernel: [65162.974261] grsec: chdir to /usr/share/X11/xkb by /usr/bin/xkbcomp[xkbcomp:2840] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/Xorg[X:3514] uid/euid:1000/0 gid/egid:1000/1000 Apr 27 01:36:08 gcn kernel: [65163.003312] grsec: exec of /usr/bin/xset (xset r rate 185 45 ) by /usr/bin/xset[bash:2841] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2828] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:36:15 gcn kernel: [65169.779564] grsec: exec of /usr/bin/top (top ) by /usr/bin/top[bash:2842] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2828] uid/euid:1000/1000 gid/egid:1000/1000 Apr 27 01:40:01 gcn kernel: [65396.443640] grsec: chdir to /root by /usr/sbin/crond[crond:2843] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/crond[crond:2736] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:01 gcn kernel: [65396.443867] grsec: exec of /bin/bash (/bin/sh -c test -x /usr/sbin/run-crons && /usr/sbin/run-crons ) by /bin/bash[crond:2843] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/crond[crond:2736] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:01 gcn kernel: [65396.497593] grsec: exec of /usr/sbin/run-crons (/usr/sbin/run-crons ) by /usr/sbin/run-crons[sh:2846] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:2843] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:01 gcn kernel: [65396.503214] grsec: exec of /bin/ln (ln -sn 2846 /var/lock/cron.hourly ) by /bin/ln[run-crons:2847] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:01 gcn kernel: [65396.506166] grsec: exec of /usr/bin/find (find /var/spool/cron/lastrun/ -name cron.hourly -cmin +65 -exec rm {} ; ) by /usr/bin/find[run-crons:2848] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:01 gcn kernel: [65396.508626] grsec: chdir to /root by /usr/bin/find[find:2849] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/find[find:2848] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:01 gcn kernel: [65396.508811] grsec: exec of /bin/rm (rm /var/spool/cron/lastrun/cron.hourly ) by /bin/rm[find:2849] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/find[find:2848] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:01 gcn kernel: [65396.509775] grsec: chdir to /root by /usr/bin/find[find:2848] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:01 gcn kernel: [65396.511169] grsec: exec of /bin/touch (touch /var/spool/cron/lastrun/cron.hourly ) by /bin/touch[run-crons:2850] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:01 gcn kernel: [65396.513833] grsec: exec of /bin/rm (rm -f /var/lock/cron.hourly ) by /bin/rm[run-crons:2851] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:01 gcn kernel: [65396.515752] grsec: exec of /bin/ln (ln -sn 2846 /var/lock/cron.daily ) by /bin/ln[run-crons:2852] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:01 gcn kernel: [65396.517915] grsec: exec of /usr/bin/find (find /var/spool/cron/lastrun/ -name cron.daily -cmin +1445 -exec rm {} ; ) by /usr/bin/find[run-crons:2853] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:01 gcn kernel: [65396.519196] grsec: chdir to /root by /usr/bin/find[find:2853] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:01 gcn kernel: [65396.520249] grsec: exec of /bin/rm (rm -f /var/lock/cron.daily ) by /bin/rm[run-crons:2854] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:02 gcn kernel: [65396.522345] grsec: exec of /bin/ln (ln -sn 2846 /var/lock/cron.weekly ) by /bin/ln[run-crons:2855] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:02 gcn kernel: [65396.524472] grsec: exec of /usr/bin/find (find /var/spool/cron/lastrun/ -name cron.weekly -cmin +10085 -exec rm {} ; ) by /usr/bin/find[run-crons:2856] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:02 gcn kernel: [65396.525886] grsec: chdir to /root by /usr/bin/find[find:2856] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:02 gcn kernel: [65396.527211] grsec: exec of /bin/rm (rm -f /var/lock/cron.weekly ) by /bin/rm[run-crons:2857] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:02 gcn kernel: [65396.529376] grsec: exec of /bin/ln (ln -sn 2846 /var/lock/cron.monthly ) by /bin/ln[run-crons:2858] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:02 gcn kernel: [65396.531750] grsec: exec of /usr/bin/find (find /var/spool/cron/lastrun/ -name cron.monthly -cmin +44645 -exec rm {} ; ) by /usr/bin/find[run-crons:2860] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:02 gcn kernel: [65396.533329] grsec: chdir to /root by /usr/bin/find[find:2860] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:02 gcn kernel: [65396.534368] grsec: exec of /bin/touch (touch /var/spool/cron/lastrun ) by /bin/touch[run-crons:2861] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:02 gcn kernel: [65396.536486] grsec: exec of /usr/bin/find (find /var/spool/cron/lastrun/ -newer /var/spool/cron/lastrun -exec /bin/rm -f {} ; ) by /usr/bin/find[run-crons:2862] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:02 gcn kernel: [65396.537982] grsec: chdir to /root by /usr/bin/find[find:2862] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 Apr 27 01:40:02 gcn kernel: [65396.539029] grsec: exec of /bin/rm (rm -f /var/lock/cron.monthly ) by /bin/rm[run-crons:2863] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:2846] uid/euid:0/0 gid/egid:0/0 And here we actually reach to where it's pretty high brow... I'll rush to send you this, I'm sure you're eager to know too... --=20 Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr ----- End forwarded message ----- --=20 Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr --QnBU6tTI9sljzm9u Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXIF5IAAoJEOqYhIhPuvCuUicP/A8ix8+HJBWWxueoeIysPFAs yHTkRIWXbYFNRx2HugmRzh9B5+k3z27T6LVl4vhgoWPZDw+jBa1+opXxIXkOIWSf J5BzwX5zeq9CtximQGxkLUmFTkwFrptsxGB/F0DzVFbd20nGp3bX86shgBwdRVLd EWj9qdkPZhvcmPqfxcj5u/pig+ViSuITBcqp+P6/R2dnmE/ErlrH6GFWkX+K4uaI WEAsxdaS/nc68Hql+486SgCiHGvS7tFfTssYMAmJHHzgf8GbX/Vzi1PYi32cITwz 4CiI4mnUsWXGnQNLcTaa8HfKgWUKjvRqdD9ic1STQ2pmgrJZgCjUkMRBfvPjuWMp Gfra+reCqbK/Mj2vP2RfmojMJerXfnfZJngL+eZ64IcKnF7l9bv3c7PMgcwauVmK 2Ci7cb4mvMqNw2GPOM/0QoZc6LHz8tXzni59kWmhYDi97CjuVsErLK/RoWLay5eb 28vQrrTKgorTZ0IjYbufqg4rcBAj/ux+FsCFm73cFj9ftb6+PHxMefGatgnXv3kb XogLLajwYDo0vpR3gSqyt3tlUOCC3MSavo4+jFS/Eyk9lzUIOs0Zn4qNS94kFGu6 PsEAvKoQHnCQJVbZpvRMkVwGVxD/wdzpgm8rIBtd+/1/h3koLyVfgdo30UulF24Z ZY5B84dFr2aZ9UPjnbna =z9jE -----END PGP SIGNATURE----- --QnBU6tTI9sljzm9u--