Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

gradm2(8) [debian man page]

GRADM(8)						      System Manager's Manual							  GRADM(8)

NAME

       gradm - Administration program for the grsecurity RBAC system

SYNOPSIS

       gradm  [ -E ] [ -R ] [ -C ] [ -F ] [ -L <logfile> ] [ -O <filename|stream> ] [ -M <filename|uid> ] [ -D ] [ -P [rolename] ] [ -a <rolename>
       ] [ -n <rolename> ] [ -p <rolename> ] [ -u ] [ -V ] [ -h ] [ -v ]

DESCRIPTION

       gradm is the userspace RBAC parsing and authentication program for grsecurity

       grsecurity aims to be a complete security system for Linux 2.4.	gradm performs several tasks for the RBAC system  including  authenticated
       via a password to the kernel and parsing rules to be passed to the kernel.

OPTIONS

       All options to gradm are mutually exclusive, except for -L and -O.

       -E     Enable the RBAC system

       -R     Reload the RBAC system (only valid while in admin mode)

       -C     Perform a check of the RBAC policy, running the same analysis against it that is performed when enabling.

       -F     Toggle  full  learning  mode.   If  used only with -L, it enables the RBAC system in full learning mode.	If used with -L and -O, it
	      parses the full learning logs and generates a complete ruleset.

       -M <filename|uid>
	      Remove an execution ban on a given uid or filename that has been put in place by the RES_CRASH resource restriction of the RBAC sys-
	      tem.

       -L <logfile>
	      Parses  the  learning  logs.  Accepts an argument which specifies the logfile to scan for the learning logs.  If "-" is specified as
	      the logfile, stdin will be used as the learning log.  This option can be used with -E, -O, or -F.

       -O <filename|stream>
	      Specifies output mode.  Requires a single argument that can be "stdout", "stderr", or a regular file.  Only used with -L or -F.

       -D     Disable the RBAC system

       -P [rolename]
	      Without an argument, it sets the password for administering the RBAC system.  With a role name as an argument, it sets the  password
	      for that given special role.

       -a <rolename>
	      Authenticate to a special role that requires a password.

       -n <rolename>
	      Authenticate to a special role that does not require a password.

       -p <rolename>
	      Authenticate through PAM to a special role.

       -u     Removes yourself from your current special role, reverting back to the normal role selection.  To be used, for instance, for logging
	      out of an admin role without exiting your shell.

       -V     Displays verbose policy statistics when enabling the RBAC system or checking the RBAC policy.  Can only be used with -C, -E,  or	-F
	      -L <filename>

       -h     Display help information

       -v     Print version information and exit

REPORTING BUGS

       Please include as much information as possible(using any available debugging options) and send bug reports for gradm or the grsecurity RBAC
       system to spender@grsecurity.net.

AUTHOR

       grsecurity and gradm were created and are maintained by Brad Spengler <spender@grsecurity.net>

																	  GRADM(8)

Check Out this Related Man Page

CipUX::RBAC::Simple(3pm)				User Contributed Perl Documentation				  CipUX::RBAC::Simple(3pm)

NAME

       CipUX::RBAC::Simple - RBAC class for CipUX

VERSION

       version 3.4.0.0

SYNOPSIS

	 use CipUX::RBAC::Simple;

DESCRIPTION

       Provides functions for Role Based Access Control.

ABSTRACT

       The CipUX RBAC Simple class provides services to CipUX XML-RPC (CipUX::RPC) server.

CONFIGURATION AND ENVIRONMENT

       Not needed.

DEPENDENCIES

	Carp
	CipUX
	CipUX::Task
	Class::Std
	Data::Dumper
	English
	Graph
	Graph::Directed
	Log::Log4perl
	Readonly
	version

SUBROUTINES
/METHODS
       The following functions will be exported by CipUX::RBAC::Simple.

   DEMOLISH
       destructor

   access_to_rpc_intern( { user=>$user, role=>$role } )
       Return 1 on access 0 otherwise.

   access_to_task( { user=>$user, task=>$task } )
       Return 1 on access 0 otherwise.

   access_to_cat_module( { user=>$user, cat_module=>$cat_module } )
       Return 1 on access 0 otherwise.

   query( $task, $attr, $object )
       Queries the storage layer and returns a Perl list as the answer from the task command.

   flush
       Flush the cat_module, rpc_intern, task cache. Returns 1 on success 0 if flushing of one cache fails.

   cat_module_cache_size
       Returns number of cache entries.

   rpc_intern_cache_size
       Returns number of cache entries.

   task_cache_size
       Returns number of cache entries.

DIAGNOSTICS

       Do not have specific messages. It uses perr() from CipUX. See Perl Module CipUX for more information about perr().

   perr():
       access_to_rpc_intern: user, role

       access_to_task: user, task

       access_to_cat_module: user, cat_module

INCOMPATIBILITIES

       Not known.

BUGS AND LIMITATIONS

       No bugs have been reported.

SEE ALSO

       See the CipUX web page and the manual at <http://www.cipux.org>

       See the mailing list http://sympa.cipworx.org/wws/info/cipux-devel <http://sympa.cipworx.org/wws/info/cipux-devel>

AUTHOR

       Christian Kuelker  <christian.kuelker@cipworx.org>

LICENSE AND COPYRIGHT

       Copyright (C) 2009 by Christian Kuelker

       This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
       the Free Software Foundation; either version 2, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation,
       Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

DISCLAIMER OF WARRANTY

       BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT
       WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
       EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
       THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF
       ALL NECESSARY SERVICING, REPAIR, OR CORRECTION.

       IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
       REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENSE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR
       CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
       RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
       SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

perl v5.12.3							    2011-05-05						  CipUX::RBAC::Simple(3pm)
Man Page