gradm - Administration program for the grsecurity RBAC system
gradm [ -E ] [ -R ] [ -C ] [ -F ] [ -L <logfile> ] [ -O
<filename|stream> ] [ -M <filename|uid> ] [ -D ] [ -P [rolename] ] [ -a
<rolename> ] [ -n <rolename> ] [ -p <rolename> ] [ -u ] [ -V ] [ -h ] [
gradm is the userspace RBAC parsing and authentication program for
grsecurity aims to be a complete security system for Linux 2.4. gradm
performs several tasks for the RBAC system including authenticated via
a password to the kernel and parsing rules to be passed to the kernel.
All options to gradm are mutually exclusive, except for -L and -O.
-E Enable the RBAC system
-R Reload the RBAC system (only valid while in admin mode)
-C Perform a check of the RBAC policy, running the same analysis
against it that is performed when enabling.
-F Toggle full learning mode. If used only with -L, it enables the
RBAC system in full learning mode. If used with -L and -O, it
parses the full learning logs and generates a complete ruleset.
Remove an execution ban on a given uid or filename that has been
put in place by the RES_CRASH resource restriction of the RBAC
Parses the learning logs. Accepts an argument which specifies
the logfile to scan for the learning logs. If "-" is specified
as the logfile, stdin will be used as the learning log. This
option can be used with -E, -O, or -F.
Specifies output mode. Requires a single argument that can be
"stdout", "stderr", or a regular file. Only used with -L or -F.
-D Disable the RBAC system
Without an argument, it sets the password for administering the
RBAC system. With a role name as an argument, it sets the
password for that given special role.
Authenticate to a special role that requires a password.
Authenticate to a special role that does not require a password.
Authenticate through PAM to a special role.
-u Removes yourself from your current special role, reverting back
to the normal role selection. To be used, for instance, for
logging out of an admin role without exiting your shell.
-V Displays verbose policy statistics when enabling the RBAC system
or checking the RBAC policy. Can only be used with -C, -E, or
-F -L <filename>
-h Display help information
-v Print version information and exit
Please include as much information as possible(using any available
debugging options) and send bug reports for gradm or the grsecurity
RBAC system to firstname.lastname@example.org.
grsecurity and gradm were created and are maintained by Brad Spengler