Diffstat (limited to 'kernels/gradm/learn_config')
-rw-r--r--kernels/gradm/learn_config169
1 files changed, 0 insertions, 169 deletions
diff --git a/kernels/gradm/learn_config b/kernels/gradm/learn_config
deleted file mode 100644
index 24c4cbc25..000000000
--- a/kernels/gradm/learn_config
+++ /dev/null
@@ -1,169 +0,0 @@
-#This configuration file aids the learning process by tweaking
-#the learning algorithm for specific paths.
-#
-#It accepts lines in the form of <command> <pathname>
-#Where <command> can be inherit-learn, no-learn, inherit-no-learn,
-#high-reduce-path, dont-reduce-path, protected-path, high-protected-path,
-#read-protected-path, and always-reduce-path
-#
-#inherit-learn, no-learn, and inherit-no-learn operate only with
-#full learning
-#
-#high-reduce-path, dont-reduce-path, always-reduce-path, protected-path,
-#and high-protected-path operate on both full and and regular learning
-#(subject and role learning)
-#
-#inherit-learn changes the learning process for the specified path
-#by throwing all learned accesses for every binary executed by the
-#processes contained in the pathname into the subject specified
-#by the pathname. This is useful for cron in the case of full
-#system learning, so that scripts that eventually end up executing
-#mv or rm with privilege don't cause the root policy to grant
-#that privilege to mv or rm in all cases.
-#
-#no-learn allows processes within the path to perform any operation
-#that normal system usage would allow without restriction. If
-#a process is generating a huge number of learning logs, it may be
-#best to use this command on that process and configure its policy
-#manually.
-#
-#inherit-no-learn combines the above two cases, such that processes
-#within the specified path will be able to perform any normal system
-#operation without restriction as will any binaries executed by
-#these processes.
-#
-#high-reduce-path modifies the heuristics of the learning process
-#to weight in favor of reducing accesses for this path
-#
-#dont-reduce-path modifies the heuristics of the learning process
-#so that it will never reduce accesses for this path
-#
-#always-reduce-path modifies the heuristics of the learning process
-#so that the path specified will always have all files and directories
-#within it reduced to the path specified.
-#
-#protected-path specifies a path on your system that is considered an
-#important resource. Any process that modifies one of these paths
-#is given its own subject in the learning process, facilitating
-#a secure policy.
-#
-#read-protected-path specifies a path on your system that contains
-#sensitive information. Any process that reads one of these paths is
-#given its own subject in the learning process, facilitating a secure
-#policy.
-#
-#high-protected-path specifies a path that should be hidden from
-#all processes but those that access it directly. It is recommended
-#to use highly sensitive files for this command.
-#
-#regular expressions are not supported for pathnames in this config file
-#
-#
-# uncomment this next line if you don't wish to generate a policy that
-# restricts roles to specific IP ranges:
-# dont-learn-allowed-ips
-#
-# to write out your generated policy such that roles are split into separate
-# files by the name of the role (within user/group directories), uncomment
-# the next line:
-# split-roles
-
-always-reduce-path /dev/pts
-always-reduce-path /var/spool/qmailscan/tmp
-always-reduce-path /var/spool/exim4
-always-reduce-path /var/run/screen
-always-reduce-path /usr/share/locale
-always-reduce-path /usr/share/zoneinfo
-always-reduce-path /usr/share/terminfo
-always-reduce-path /tmp
-always-reduce-path /var/tmp
-
-high-reduce-path /dev/.udev
-high-reduce-path /dev/mapper
-high-reduce-path /dev/snd
-high-reduce-path /proc
-high-reduce-path /usr/lib
-high-reduce-path /usr/lib/tls
-high-reduce-path /usr/lib/libreoffice
-high-reduce-path /usr/lib32
-high-reduce-path /usr/lib32/tls
-high-reduce-path /usr/lib64
-high-reduce-path /usr/lib64/tls
-high-reduce-path /var/lib
-high-reduce-path /usr/bin
-high-reduce-path /usr/sbin
-high-reduce-path /usr/local/share
-high-reduce-path /usr/local/bin
-high-reduce-path /usr/local/sbin
-high-reduce-path /usr/local/etc
-high-reduce-path /usr/local/lib
-high-reduce-path /usr/share
-high-reduce-path /usr/X11R6/lib
-high-reduce-path /var/lib/openldap-data
-high-reduce-path /var/lib/krb5kdc
-
-dont-reduce-path /
-dont-reduce-path /home
-dont-reduce-path /dev
-dont-reduce-path /usr
-dont-reduce-path /var
-dont-reduce-path /opt
-
-protected-path /boot
-protected-path /dev/log
-protected-path /etc
-protected-path /opt
-protected-path /root
-protected-path /run
-protected-path /sys
-protected-path /usr
-protected-path /var
-
-read-protected-path /etc/ssh
-read-protected-path /proc/kallsyms
-read-protected-path /proc/kcore
-read-protected-path /proc/slabinfo
-read-protected-path /proc/modules
-read-protected-path /usr/lib/modules
-read-protected-path /usr/lib64/modules
-read-protected-path /boot
-read-protected-path /etc/shadow
-read-protected-path /etc/shadow-
-read-protected-path /etc/gshadow
-read-protected-path /etc/gshadow-
-read-protected-path /sys
-
-high-protected-path /etc/ssh
-high-protected-path /proc/kcore
-high-protected-path /proc/sys
-high-protected-path /proc/bus
-high-protected-path /proc/slabinfo
-high-protected-path /proc/modules
-high-protected-path /proc/kallsyms
-high-protected-path /etc/passwd
-high-protected-path /etc/shadow
-high-protected-path /var/backups
-high-protected-path /etc/shadow-
-high-protected-path /etc/gshadow
-high-protected-path /etc/gshadow-
-high-protected-path /var/log
-high-protected-path /dev/mem
-high-protected-path /dev/kmem
-high-protected-path /dev/port
-high-protected-path /dev/log
-high-protected-path /sys
-high-protected-path /etc/ppp
-high-protected-path /etc/samba/smbpasswd
-#to protect kernel images
-high-protected-path /boot
-high-protected-path /usr/lib/modules
-high-protected-path /usr/lib64/modules
-high-protected-path /usr/src
-
-inherit-learn /etc/cron.d
-inherit-learn /etc/cron.hourly
-inherit-learn /etc/cron.daily
-inherit-learn /etc/cron.weekly
-inherit-learn /etc/cron.monthly
-inherit-learn /etc/init.d
-inherit-learn /etc/rc.d/init.d