NAME
gradm - Administration program for grsecurity ACLs
SYNOPSIS
gradm
[
-E
]
[
-R
]
[
-L [logfile]
]
[
-O <filename|stream>
]
[
-M
<filename|uid>
]
[
-D
]
[
-T
<subject> <object>
]
[
-P
]
[
-a
]
[
-h
]
[
-v
]
DESCRIPTION
gradm
is the userspace ACL parsing and authentication program for the
grsecurity
Access Control List System.
grsecurity aims to be a complete security system for Linux 2.4. gradm
performs several tasks for the ACL system including authenticated via a
password to the kernel and parsing ACLs to be passed to the kernel.
OPTIONS
REPORTING BUGS
Please include as much information as possible(using any available debugging
options) and send bug reports for gradm or the grsecurity ACL system
to
dev@grsecurity.net.
AUTHOR
grsecurity and gradm
were created and are maintained by Brad Spengler <spender@grsecurity.net>
All options to gradm are mutually exclusive, except for -L and -O.
- -E
- Enable the ACL system
-R
Reload the ACL system (only valid while in admin mode)
-M <filename|uid>
Remove an execution ban on a given uid or filename that has been
put in place by the RES_CRASH resource restriction of the ACL system.
-L [logfile]
Parses the learning logs. Accepts an optional argument which
specifies the kernel logfile to scan for the learning logs.
Learning logs are logged through syslog with a level of INFO.
If the argument is not specified, gradm will scan your
/etc/syslog.conf file to find a suitable log to scan.
This option has to be used with -O.
-O <filename|stream>
Specifies output mode. Requires a single argument that can be
"stdout", "stderr", or a regular file. Only used with -L.
-D
Disable the ACL system
-T <subject> <object>
Displays the permissions for object allowed by subject
-P
Setup the password for the ACL system
-a
Obtain full administrative capabilities(override ACL system)
-h
Display help information
-v
Print version information and exit