All options to gradm are mutually exclusive, except for -L and -O.
-E Enable the RBAC system
-R Reload the RBAC system (only valid while in admin mode)
-C Perform a check of the RBAC policy, running the same analysis against it that is performed when
enabling.
-F Toggle full learning mode. If used only with -L, it enables the RBAC system in full learning
mode. If used with -L and -O, it parses the full learning logs and generates a complete ruleset.
-M<filename|uid>
Remove an execution ban on a given uid or filename that has been put in place by the RES_CRASH
resource restriction of the RBAC system.
-L<logfile>
Parses the learning logs. Accepts an argument which specifies the logfile to scan for the
learning logs. If "-" is specified as the logfile, stdin will be used as the learning log. This
option can be used with -E, -O, or -F.
-O<filename|stream>
Specifies output mode. Requires a single argument that can be "stdout", "stderr", or a regular
file. Only used with -L or -F.
-D Disable the RBAC system
-P[rolename]
Without an argument, it sets the password for administering the RBAC system. With a role name as
an argument, it sets the password for that given special role.
-a<rolename>
Authenticate to a special role that requires a password.
-n<rolename>
Authenticate to a special role that does not require a password.
-p<rolename>
Authenticate through PAM to a special role.
-u Removes yourself from your current special role, reverting back to the normal role selection. To
be used, for instance, for logging out of an admin role without exiting your shell.
-V Displays verbose policy statistics when enabling the RBAC system or checking the RBAC policy. Can
only be used with -C, -E, or -F -L <filename>
-h Display help information
-v Print version information and exit
REPORTINGBUGS
Please include as much information as possible(using any available debugging options) and send bug
reports for gradm or the grsecurity RBAC system to spender@grsecurity.net.
Install Now
Emojis