Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Grsecurity RBAC policy splitter
Python
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
LICENSE
README.md
grsplit.py

README.md

GRSplit

GRSplit, a small policy splitter for Grsecurity RBAC policies

Requirements

  • Python 2.7 or greater (Python 3.X supported)

  • A (working) policy file generated by gradm. It has been tested with a policy file generated via gradm-2.2.2.201111011031

Usage

usage: grsplit.py [-h] [-d DIRECTORY] [-i INCLUDE_PATH] [-b] [-v] policy

a policy splitter for Grsecurity RBAC policies.

positional arguments:
  policy                policy file to be modified

optional arguments:
  -h, --help            show this help message and exit
  -d DIRECTORY, --directory DIRECTORY
                        use existing DIRECTORY as the directory to write files
                        in (default: "/etc/grsec/roles")
  -i INCLUDE_PATH, --include-path INCLUDE_PATH
                        path used in main policy file when including external
                        policy files. (default: "/etc/grsec/roles")
  -b, --suppress-backup
                        suppress backup file creation. (default: false)
  -v, --version         show program's version number and exit  

Description

Grsecurity RBAC policy is usually one single file containing information of every role associated with the system. If you are like me, it's pretty obnoxious to find entries linked to specific roles mixed up with others.

This script simply takes the single policy file, recognises where each role has been defined and created a specific file with the role name. Such file is then included in the main policy file.

Warning

Please, be aware that this software has not been extensively tested. It is likely to contain bugs, therefore it's adviced to make a hard copy of the policy file before relying on this script.

License

This script is released under MIT license. However, if you use this script and you find some further improvements and you want to share that with me, feel free to drop me a line. I'll be glad to hear that.

Fabiano 'elbryan' Francesconi

Something went wrong with that request. Please try again.