Grsecurity Analyser

Grsecurity RBAC is an access control system developed on top of Linux systems, deployed as a patch to the OS kernel. It supports the definition and dynamic enforcement of fine-grained access control policies.

In a paper recently accepted for presentation at IEEE CSF 2012, we formalize the Grsecurity RBAC semantics and, based on that formalization, develop gran, a tool for checking security flaws in real Grsecurity policies.

We also provide a virtual machine for testing gran and Grsecurity RBAC. Instructions and credentials are in the README file shipped with the VirtualBox OVA file.

Resources:

Challenge

There is a challenge inside the virtual image. After configuring the network, enable Grsecurity RBAC by typing gradm -E as root and log out. Point your browser to http://virtual_machine_ip and read the service description. You are now ready to enjoy the service by connecting via ssh as user chuck (password: chuck). Your mission consists of retrieving the flag stored in /var/courses/compilers/flag.txt!