How to know if grsec isn't breaking anything?

Discussion in 'all things UNIX' started by zakazak, Feb 21, 2016.

  1. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    Hey there,

    I am using Arch for ~8months so far and I believe I have everything set up correctly and with all the stuff that is needed (e.g. thermald which is unknown, not even in the official repo but a very important package altough it isn't working on all systems bug free so far, also not on mine but the bugs are being fixed right now).
    I know the struggle of not knowing what is breaking smth or not knowing if something isn't just installed and running but also working correctly or not (e.g. thermald). So I wonder:

    If I run grsec with paxd, how do I know and monitor that grsec + paxd aren't breaking things?

    For example, I know grsec breaks NVIDIA for me (unless I install grsec patched kernel from the AUR which I don't want to). I know grsec broke iceweasel/Firefox for me.
    But I only know that because I actively use those packages and fail to start them. But for a package/service that just sits in the backround and is supposed to do stuff silently and maybe only daily/weekly/monthly, I probably wouldn't ever notice that they aren't working correctly (e.g. thermald, tlp, SSD trim, dnscache, dnscrypt, etc etc).

    Thanks !
     
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    GrSec policy violations will appear in the kernel message logs. Look at dmesg and/or /var/log/messages.
     
  3. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    Ye but that would mean that I have to constantly watch the file? A little "notifier" would be handy... or letting grsec/paxd write errors in a different logfile which would only contain the paxd/grsec errors and nothing else?
     
  4. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,963
    Location:
    Brasil
    How exactly? Because I have no problems with them on Arch. Even Iceweasel from Parabola, which is compiled on another system, works fine.

    I hope you didn't fail to read the paxctl documentation :)
    And I also hope you didn't fail to start the programs via Terminal to see what is the problem.

    I would say: If you haven't had problems using these services, it's very likely that they're working just fine.

    Yes. At the end of each day you could do:

    Code:
    journalctl | grep grsec
     
  5. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    https://forums.grsecurity.net/viewtopic.php?f=3&t=3980
    https://forums.grsecurity.net/viewtopic.php?f=3&t=4352
    You must be a magician !

    That is like saying: If you crossed the street without looking left or right and you are still alive then everything will be fine for ever.

    If I don't have problems with a service then that doesn't mean that service is working, working correctly, working as it is supposed to.
    And just because it works now, doesn't mean a future update might not "silently" break it.

    Yes that is maybe a good idea.
     
  6. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,963
    Location:
    Brasil
    Which Kernel are you using? The linux-grsec from Arch's repos? Or you compiled your own Kernel? Or an AUR Kernel?

    No, that's not even close.

    It's actually like saying "if you're running your bike fine until now, it's possible it still has fuel. If it didn't have fuel, you'd stop to a halt".

    There are a million packages that could be silently broken right now. And if something breaks, you can always install the older version located at /var/cache/pacman/pkg.
     
  7. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    Offical grsec kernel from the official repos.

    Please stop replying with non-sense if you are wrong and either just accept the truth or don't reply at all.

    aha.... and that is a useless comment that is not even related to anything here.
     
  8. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    624
    Location:
    United States
    It broke Chrome/Chromium extensions for me and it was very obvious about that. The browser would work fine but the extensions would crash within seconds of opening the browser.
     
  9. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,963
    Location:
    Brasil
    Listen, *******, I'm only trying to help. All I did was say that your system probably isn't broken if you didn't notice a symptom. I don't care if you think you're right, but don't throw BS like that to someone who is trying to help, even despite all BS you said on the past that everyone else refuted (and yet you think you're "The Mr. Knowledge").

    LOL, what a POS. You have to start paying attention to what you write, because you're obviously on the wrong side of the spectrum here.

    In what way is that not related to this thread? You're using Arch, and when something breaks in Arch you simply "pacman -U" on the package that was working before. And guess what? That comes right before you tell upstream (in this case, GRSEC) that they've broken userland. But I guess you expect someone to have already made a GUI that will tell when something breaks on your machine instead of reading the logs, right? So much for using a distro with the KISS principle. ********.

    Maybe Arch isn't for you afterall.

    Good day.

    Did you set "pemrs" permissions on Chrome's binary? You could also try setting these permissions on the extensions' executables, and then removing permission-by-permission to see what is causing the problems. Or just do "journalctl | grep grsec" to see the logs (they're pretty informative).
     
    Last edited: Feb 22, 2016
  10. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    Proven to be wrong twice already.. latest event was "thermald".. no issues, no symptoms -> still not working correctly.
    And I did tell you this twice already, and still u go on....

    I always appreciate help, most times I take time to thank for it.. but all you do are posting your personal opinions which I don't agree with and there for don't help at all.
    Everyone = you?

    Thank you for your opinion. Not helping in this thread (again).

    I am not sure how you relate my question "how to know if grsec is breaking smth" with "how to downgrade a package with pacman".
    But thanks for trying to help.

    Yes a GUI for reporting problems/errors/bugs would be nice, but something like that even exists on GNOME already.
    It would be nice if I could tell grsec/paxd to log those relevant errors (and only those relevant errors) in a specific log file. That would make "double checking" a lot easier and I could script my own "gui" or "error checker".
    Not helping in this thread (again).

    Thank you for your opinion. Not helping in this thread (again).
     
  11. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,963
    Location:
    Brasil
    You take things literally, because you can't read texts. I said, twice, "probably" and "maybe".

    No. https://www.wilderssecurity.com/threads/arch-linux-and-anti-malware.378537/

    Again, you MUST have some sort of reading and/or interpreting disability.

    You said:
    "doesn't mean a future update might not "silently" break it"
    I said: If it breaks, you can revert back to the package that was working, and than report the problems upstream.

    This is totally related to the issue in hands. Only you can't see that. In addition, you seem to take full answers and break them down in an order which you think makes them not related to the issue, which is either (again) stupidity or just bad character. The part where I said you're on the wrong side of the spectrum comes hand-in-hand with the part where I explain you didn't read my post correctly, the post which is related to your issue: if it breaks, you can revert until upstream fixes the problem. That's not an opinion, that's a fact.

    What program does that on GNOME? I would like to check that out.
     
    Last edited: Feb 24, 2016
  12. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    Wow what kind of help is that :D probably, maybe... Haha yes " maybe you won't die when jumping from the 50th floor of a building, so everything is fine" .

    So as I thought... Everyone = you

    And again: my question is: how to know if grsec breaks a package..not how to fix a broken package or revert back.
    Yes a future update might silently break it. And I asked how to make sure it won't happen unnoticed. Not how to fix that...to fix smth I have to notice it first, which is what my thread/question is about.

    So thanks for not contributing anything on-topic.

    I believe it is "gnome-system-log" or something with "dconf" or similiar. It lets you watch all kind of logs in one handy gui (basically it is a text viewer with a quick selection of relevant log files). But I didnt really use it yet so I might be wrong.
    Atleast it gets installed with my "minimized GNOME setup":
    http://files.bestmail.ws/Arch/setup/GNOME-Minimized.txt

    ....so much off topic here :/
     
  13. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,963
    Location:
    Brasil
    Really? I thought I wouldn't have to post the answers here.

    Let's see:



    Then you posted this link: http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/

    And then again, you were proven wrong:
    But your only argument was "hur durr I've seen this fanboy talk".

    But let's continue, shall we?




    So yeah, not many people agreed with you there.

    And yet again, you're either just showing how stupid a person can be, or you're showing your bad character, because "only you" has been proven to be just another one of your lies.


    You're wrong, again. I did contribute to the topic:

    "chech out journalctl and grep for grsec"
    "if something breaks, report upstream"
    "you can revert packages back when they break"

    But I guess you're so spoiled that you think "helping" is only when people give you exactly the things you want, like the child who starts crying "my mom is terrible!!!" when she doesn't bring him the exact type of grocery he wanted or didn't put the candy into his mouth and chewed for him. Right? Being stupid is not a choice. Being a AH is, just like on that "arch linux and anti-malware" thread where you refused to learn and was being arrogant.

    I don't know such tool you're asking for, so I helped with what I have in hands. And doing what I already told you is enough for seeing if grsec broke something.
     
  14. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    Wow from around 80-100 posts you were able to quote 10. congratulations. And you still proof that you have reading problems. That thread was about "which anti-malware tools exist for Arch Linux" and not about "do I need them?".

    Either you have proven twice in one thread that you can't read or that you are too much focused on putting your own opinion into everyones head.

    And whenever I read another "new linux exploit" or "new linux backdoor" or "new driveby" thread in this forum then I still have to disagree with those 10 quotes that you just posted. But this all is still off topic and the only thing you do is continuing with being off topic, opinion based and not helpfull at all ;-)

    If "chech out journalctl and grep for grsec" is all that you can contribute to this topic (usefull contributing) then thanks for that. You can now stay out of this thread. It's appreciated.
     
    Last edited: Feb 24, 2016
  15. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,963
    Location:
    Brasil
    Post count:

    21 - mine;
    13 - Zakazak;
    10 - disagree (not including my own posts);
    1 - recommends linux solutions which are not antivirus/antimalware, and says nobody will recommend anti-this/anti-that for linux;
    3 - firewall related;
    1 - user points the AUR, but says "I seriously doubt you need an av";
    8 - debian sudo vs su related;
    1 - talked about how you can use firejail for exploits;
    others - 32 (including mine)

    People agreeing with you: 0?

    I couldn't find anyone agreeing with you. Could you? And what does this tell you?

    As others have pointed out, you don't even want to learn. Your knowledge about Linux is very limited (as you said it yourself) and yet you argue, with people that know more about this than you, in a non-polite way. That's rude, to say the least.

    :argh::argh: Arrogant as always! LOL.

    No, I'm staying. I need to show people what the true face of Zakazak looks like ;) How you're rude and arrogant every time someone disagrees with you; how you think you're "The Mr. Knowledge" despite everyone saying the contrary; how you refuse to accept answers just because they don't fit what you consider to be true. But that is your story actually, logic and evidence don't matter, you're still inside your own little twisted bubble.

    Still think Linux needs antimalware? That's your problem. Everybody else disagrees and most will point out that you don't need them.

    Still think you need such tool for grsec? Good luck finding it. All I'm saying is, instead of arguing about things you don't know (Linux in general), it's much easier to just do "journalctl | grep grsec" while you don't find/create such tool.

    And, not stressing this enough: Don't be an A-Hole. I'm here wasting my time with you, pointing out that it's much simpler and faster to do it via Terminal; but saying "get out of here" and "either just accept the truth or don't reply at all" is a typical behavior of someone who is NOT willing learn, doesn't know how to engage in conversations, lives in a bubble, and worse, lies like a sociopath. This is the child's behavior mentioned above (except the lying part).

    So how about you try to be more polite and respect when others try to help?
     
    Last edited: Feb 24, 2016
  16. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    And again.. I don't need anyone to agree with me. I asked for "what security solutions exist on Arch". Not for "give me your opinion".
    Again you fail to read.. stop being off topic.

    Staying to show off in an online forum? Showing "my true face" in an online forum? Oh boy, I could annoy you all night long, even throw bad words at you until I get banned and then just re-register... because I don't have to show my true face in an online forum :D

    Rude and arrogant? :D You are the rude on, posting 7000 off-topic random posts that no one needs and wants in the thread.
    Nope I am not "The Mr. Knowledge", I even wrote that I am not so familiar with Linux yet. But I have a lot of knowledge when it comes to other things. And guess what, this doesn't just mean "malware", "exploits" or "blackhead stuff".

    Yup I still think Linux needs antimalware. And no it isn't a problem for me.
    Thanks, you have posted this helpful terminal-command three times now. I already appreciated the first time so no need to continue unless you want to show how handicapped you are :)
    Again you fail to read.. my "get out of here" was related to: you can't contribute anything als then your "journalctl" command. So thanks for that and bye :)

    Again you fail to read..because I appreciate help, respect other people.

    Oh and in opposite to you I am actually polite:

    Ohh.. I didn't know this exists :p :
     
  17. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,963
    Location:
    Brasil
    :argh::argh: Again, you take things literally. "Show the face" doesn't mean actually show the face, but show who you really are.

    Re-read this thread. I was on-topic until you decided to be a jerk.

    6 = half a dozen. I get it.

    Because who wouldn't lose their mind after trying to teach a stubborn AH over and over, and get this kind of response:

    "Please stop replying with non-sense if you are wrong and either just accept the truth or don't reply at all."
     
  18. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    Sweeeeet... should I press "Show Ingored Content" ? Nah it's "amarildojr" so the content won't be helpful/usesful anyway <3
     
  19. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,963
    Location:
    Brasil
    How mature :)
     
  20. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    If you think some code might be handy, you either code it yourself or you simply wait for someone else to do it for you.
    With using free software, you've given up ANY entitlement to bit** about something not being available (if it's not been promised).
    You do understand that, right?
     
  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    That's enough. Let's be civil in these discussions here.
     
  22. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    I don't see me bitching around about a "notifier" or similiar that doesn't exist?

    But ye, my plan is to code smth like that myself. How ever, I think it would be easier and more ressource friendly if grsec/paxd could log those "special events" in a different log file.

    So I might start codig smth when I have the time for it but in the meantime any other tricks/suggesrions are welcome.
     
Loading...