{ "content": [ { "type": "text", "text": "# gradm(8) (man)\n\n**Summary:** gradm - Administration program for the grsecurity RBAC system\n\n**Synopsis:** gradm [ -E ] [ -R ] [ -C ] [ -F ] [ -L ] [ -O ] [ -M ] [ -D ] [ -P [rolename] ] [ -a ] [ -n ] [ -p ] [\n\n## Flags\n\n| Flag | Long | Arg | Description |\n|------|------|-----|-------------|\n| -E | — | — | |\n| -R | — | — | |\n| -C | — | — | formed when enabling. |\n| -F | — | — | learning mode. If used with -L and -O, it parses the full learning logs and generates a complete ruleset. |\n| -M | — | | Remove an execution ban on a given uid or filename that has been put in place by the RESCRASH resource restriction of th |\n| -L | — | | Parses the learning logs. Accepts an argument which specifies the logfile to scan for the learning logs. If \"-\" is speci |\n| -O | — | | Specifies output mode. Requires a single argument that can be \"stdout\", \"stderr\", or a regular file. Only used with -L o |\n| -D | — | — | |\n| -P | — | — | Without an argument, it sets the password for administering the RBAC system. With a role name as an argument, it sets th |\n| -a | — | | Authenticate to a special role that requires a password. |\n| -n | — | | Authenticate to a special role that does not require a password. |\n| -p | — | | Authenticate through PAM to a special role. |\n| -u | — | — | lection. To be used, for instance, for logging out of an admin role without exiting your shell. |\n| -V | — | — | policy. Can only be used with -C, -E, or -F -L |\n| -h | — | — | |\n| -v | — | — | |\n\n## Section Outline\n\n- **NAME** (2 lines)\n- **SYNOPSIS** (2 lines) — 1 subsections\n - -u -V -h -v (1 lines)\n- **DESCRIPTION** (7 lines)\n- **OPTIONS** (2 lines) — 16 subsections\n - -E (1 lines)\n - -R (1 lines)\n - -C (3 lines)\n - -F (4 lines)\n - -M (4 lines)\n - -L (5 lines)\n - -O (4 lines)\n - -D (1 lines)\n - -P [rolename] (4 lines)\n - -a (3 lines)\n - -n (3 lines)\n - -p (3 lines)\n - -u (4 lines)\n - -V (3 lines)\n - -h (1 lines)\n - -v (1 lines)\n- **REPORTING BUGS** (4 lines)\n- **AUTHOR** (6 lines)\n\n## Full Content\n\n### NAME\n\ngradm - Administration program for the grsecurity RBAC system\n\n### SYNOPSIS\n\ngradm [ -E ] [ -R ] [ -C ] [ -F ] [ -L ] [ -O ] [ -M ] [ -D ] [ -P [rolename] ] [ -a ] [ -n ] [ -p ] [\n\n#### -u -V -h -v\n\n### DESCRIPTION\n\ngradm is the userspace RBAC parsing and authentication program for grsecurity\n\ngrsecurity aims to be a complete security system for Linux 2.4. gradm performs several tasks\nfor the RBAC system including authenticated via a password to the kernel and parsing rules to\nbe passed to the kernel.\n\n### OPTIONS\n\nAll options to gradm are mutually exclusive, except for -L and -O.\n\n#### -E\n\n#### -R\n\n#### -C\n\nformed when enabling.\n\n#### -F\n\nlearning mode. If used with -L and -O, it parses the full learning logs and generates\na complete ruleset.\n\n#### -M \n\nRemove an execution ban on a given uid or filename that has been put in place by the\nRESCRASH resource restriction of the RBAC system.\n\n#### -L \n\nParses the learning logs. Accepts an argument which specifies the logfile to scan for\nthe learning logs. If \"-\" is specified as the logfile, stdin will be used as the\nlearning log. This option can be used with -E, -O, or -F.\n\n#### -O \n\nSpecifies output mode. Requires a single argument that can be \"stdout\", \"stderr\", or\na regular file. Only used with -L or -F.\n\n#### -D\n\n#### -P [rolename]\n\nWithout an argument, it sets the password for administering the RBAC system. With a\nrole name as an argument, it sets the password for that given special role.\n\n#### -a \n\nAuthenticate to a special role that requires a password.\n\n#### -n \n\nAuthenticate to a special role that does not require a password.\n\n#### -p \n\nAuthenticate through PAM to a special role.\n\n#### -u\n\nlection. To be used, for instance, for logging out of an admin role without exiting\nyour shell.\n\n#### -V\n\npolicy. Can only be used with -C, -E, or -F -L \n\n#### -h\n\n#### -v\n\n### REPORTING BUGS\n\nPlease include as much information as possible(using any available debugging options) and\nsend bug reports for gradm or the grsecurity RBAC system to spender@grsecurity.net.\n\n### AUTHOR\n\ngrsecurity and gradm were created and are maintained by Brad Spengler \n\n\n\nGRADM(8)\n\n" } ], "structuredContent": { "command": "gradm", "section": "8", "mode": "man", "summary": "gradm - Administration program for the grsecurity RBAC system", "synopsis": "gradm [ -E ] [ -R ] [ -C ] [ -F ] [ -L ] [ -O ] [ -M ] [ -D ] [ -P [rolename] ] [ -a ] [ -n ] [ -p ] [", "flags": [ { "flag": "-E", "long": null, "arg": null, "description": "" }, { "flag": "-R", "long": null, "arg": null, "description": "" }, { "flag": "-C", "long": null, "arg": null, "description": "formed when enabling." }, { "flag": "-F", "long": null, "arg": null, "description": "learning mode. If used with -L and -O, it parses the full learning logs and generates a complete ruleset." }, { "flag": "-M", "long": null, "arg": "", "description": "Remove an execution ban on a given uid or filename that has been put in place by the RESCRASH resource restriction of the RBAC system." }, { "flag": "-L", "long": null, "arg": "", "description": "Parses the learning logs. Accepts an argument which specifies the logfile to scan for the learning logs. If \"-\" is specified as the logfile, stdin will be used as the learning log. This option can be used with -E, -O, or -F." }, { "flag": "-O", "long": null, "arg": "", "description": "Specifies output mode. Requires a single argument that can be \"stdout\", \"stderr\", or a regular file. Only used with -L or -F." }, { "flag": "-D", "long": null, "arg": null, "description": "" }, { "flag": "-P", "long": null, "arg": null, "description": "Without an argument, it sets the password for administering the RBAC system. With a role name as an argument, it sets the password for that given special role." }, { "flag": "-a", "long": null, "arg": "", "description": "Authenticate to a special role that requires a password." }, { "flag": "-n", "long": null, "arg": "", "description": "Authenticate to a special role that does not require a password." }, { "flag": "-p", "long": null, "arg": "", "description": "Authenticate through PAM to a special role." }, { "flag": "-u", "long": null, "arg": null, "description": "lection. To be used, for instance, for logging out of an admin role without exiting your shell." }, { "flag": "-V", "long": null, "arg": null, "description": "policy. Can only be used with -C, -E, or -F -L " }, { "flag": "-h", "long": null, "arg": null, "description": "" }, { "flag": "-v", "long": null, "arg": null, "description": "" } ], "examples": [], "see_also": [], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 2, "subsections": [ { "name": "-u -V -h -v", "lines": 1, "flag": "-v" } ] }, { "name": "DESCRIPTION", "lines": 7, "subsections": [] }, { "name": "OPTIONS", "lines": 2, "subsections": [ { "name": "-E", "lines": 1, "flag": "-E" }, { "name": "-R", "lines": 1, "flag": "-R" }, { "name": "-C", "lines": 3, "flag": "-C" }, { "name": "-F", "lines": 4, "flag": "-F" }, { "name": "-M ", "lines": 4, "flag": "-M", "arg": "" }, { "name": "-L ", "lines": 5, "flag": "-L", "arg": "" }, { "name": "-O ", "lines": 4, "flag": "-O", "arg": "" }, { "name": "-D", "lines": 1, "flag": "-D" }, { "name": "-P [rolename]", "lines": 4, "flag": "-P", "arg": "[rolename]" }, { "name": "-a ", "lines": 3, "flag": "-a", "arg": "" }, { "name": "-n ", "lines": 3, "flag": "-n", "arg": "" }, { "name": "-p ", "lines": 3, "flag": "-p", "arg": "" }, { "name": "-u", "lines": 4, "flag": "-u" }, { "name": "-V", "lines": 3, "flag": "-V" }, { "name": "-h", "lines": 1, "flag": "-h" }, { "name": "-v", "lines": 1, "flag": "-v" } ] }, { "name": "REPORTING BUGS", "lines": 4, "subsections": [] }, { "name": "AUTHOR", "lines": 6, "subsections": [] } ] } }