GRSplit, a small policy splitter for Grsecurity RBAC policies
- Python 2.7 or greater (Python 3.X supported)
- A (working) policy file generated by gradm. It has been tested with a policy file generated via gradm-2.2.2.201111011031.

    usage: grsplit.py [-h] [-d DIRECTORY] [-i INCLUDE_PATH] [-b] [-v] policy

    a policy splitter for Grsecurity RBAC policies.

    positional arguments:
      policy                policy file to be modified

    optional arguments:
      -h, --help            show this help message and exit
      -d DIRECTORY, --directory DIRECTORY
                            use existing DIRECTORY as the directory to write files
                            in (default: "/etc/grsec/roles")
      -i INCLUDE_PATH, --include-path INCLUDE_PATH
                            path used in main policy file when including external
                            policy files. (default: "/etc/grsec/roles")
      -b, --suppress-backup
                            suppress backup file creation. (default: false)
      -v, --version         show program's version number and exit

A Grsecurity RBAC policy is usually a single file containing the information for every role on the system. If you are like me, it's pretty obnoxious to find entries linked to specific roles mixed up with others.
This script takes the single policy file, recognises where each role is defined, and creates a separate file named after each role. Each of those files is then included in the main policy file.
Please be aware that this software has not been extensively tested. It is likely to contain bugs, so it is advised to make a hard copy of the policy file before relying on this script.
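
The splitting step described above, and a check that nothing was lost in the process, as an added sketch that is not GRSplit's own code. It assumes a role block starts at a line of the form `role <name> [flags]` and runs to the next such line, and that the main file refers to each role file with an `include <path>` line; the function names and the sample policy are constructed for illustration.

```python
import re

# Assumption: a role block starts at "role <name> [flags]" and runs
# until the next such line.
ROLE_RE = re.compile(r"^role\s+(\S+)")
INCLUDE_RE = re.compile(r"^include <.*/([^/>]+)>$")

# Constructed sample policy, not taken from a real system.
SAMPLE_POLICY = """\
role admin sA
subject / rvka
\t/ rwcdmlxi

role default G
role_transitions admin
subject /
\t/ r
\t/etc/grsec h
"""


def split_policy(text, include_path="/etc/grsec/roles"):
    """Return (main_policy_text, {role_name: role_block_text})."""
    main_lines, roles, current = [], {}, None
    for line in text.splitlines(True):
        match = ROLE_RE.match(line)
        if match:
            current = match.group(1)
            if current in roles:
                raise ValueError("duplicate role: %s" % current)
            roles[current] = []
            # Assumed include syntax; one include line replaces the block.
            main_lines.append("include <%s/%s>\n" % (include_path, current))
        if current is None:
            main_lines.append(line)  # preamble before the first role
        else:
            roles[current].append(line)
    return "".join(main_lines), dict((n, "".join(b)) for n, b in roles.items())


def is_lossless(original, main_text, roles):
    """True if expanding every role include reproduces the original policy."""
    rebuilt = []
    for line in main_text.splitlines(True):
        inc = INCLUDE_RE.match(line.rstrip("\n"))
        is_role = inc is not None and inc.group(1) in roles
        rebuilt.append(roles[inc.group(1)] if is_role else line)
    return "".join(rebuilt) == original
```

Running a round-trip check like `is_lossless` against the backup copy after a split is a quick way to confirm that no subject or object rule was dropped or moved to another role.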
This script is released under the MIT license. However, if you use this script, find some further improvements and want to share them with me, feel free to drop me a line. I'll be glad to hear from you.