Provided by: gradm2_3.1~201701031918-2build1_amd64 bug

NAME
       gradm - Administration program for the grsecurity RBAC system


SYNOPSIS
       gradm  [ -E ] [ -R ] [ -C ] [ -F ] [ -L <logfile> ] [ -O <filename|stream> ] [ -M <filename|uid> ] [ -D ]
       [ -P [rolename] ] [ -a <rolename> ] [ -n <rolename> ] [ -p <rolename> ] [ -u ] [ -V ] [ -h ] [ -v ]


DESCRIPTION
       gradm is the userspace RBAC parsing and authentication program for grsecurity

       grsecurity aims to be a complete security system for Linux 2.4.  gradm performs  several  tasks  for  the
       RBAC  system  including  authenticated via a password to the kernel and parsing rules to be passed to the
       kernel.


OPTIONS
       All options to gradm are mutually exclusive, except for -L and -O.

       -E     Enable the RBAC system

       -R     Reload the RBAC system (only valid while in admin mode)

       -C     Perform a check of the RBAC policy, running the same analysis against it that  is  performed  when
              enabling.

       -F     Toggle  full  learning  mode.   If  used only with -L, it enables the RBAC system in full learning
              mode.  If used with -L and -O, it parses the full learning logs and generates a complete ruleset.

       -M <filename|uid>
              Remove an execution ban on a given uid or filename that has been put in  place  by  the  RES_CRASH
              resource restriction of the RBAC system.

       -L <logfile>
              Parses  the  learning  logs.   Accepts  an  argument  which  specifies the logfile to scan for the
              learning logs.  If "-" is specified as the logfile, stdin will be used as the learning log.   This
              option can be used with -E, -O, or -F.

       -O <filename|stream>
              Specifies  output  mode.   Requires a single argument that can be "stdout", "stderr", or a regular
              file.  Only used with -L or -F.

       -D     Disable the RBAC system

       -P [rolename]
              Without an argument, it sets the password for administering the RBAC system.  With a role name  as
              an argument, it sets the password for that given special role.

       -a <rolename>
              Authenticate to a special role that requires a password.

       -n <rolename>
              Authenticate to a special role that does not require a password.

       -p <rolename>
              Authenticate through PAM to a special role.

       -u     Removes  yourself from your current special role, reverting back to the normal role selection.  To
              be used, for instance, for logging out of an admin role without exiting your shell.

       -V     Displays verbose policy statistics when enabling the RBAC system or checking the RBAC policy.  Can
              only be used with -C, -E, or -F -L <filename>

       -h     Display help information

       -v     Print version information and exit


REPORTING BUGS
       Please  include  as  much  information  as  possible(using  any available debugging options) and send bug
       reports for gradm or the grsecurity RBAC system to spender@grsecurity.net.


AUTHOR
       grsecurity and gradm were created and are maintained by Brad Spengler <spender@grsecurity.net>

                                                                                                        GRADM(8)