grsecurity forums

I've just added /proc/<pid>/ipaddr support to grsecurity 2.0.

www:~# cat /proc/self/ipaddr
192.168.1.1

www:~# ls -al /proc/self/ipaddr
-r-------- 1 root proc 0 May 4 21:18 /proc/self/ipaddr

This information can be useful for IDS/IPSes to perform remote response to local attacks. I think it may serve informational purposes for administrators as well.

What else do you forsee this being useful for?

(the code isn't a big deal, it took 2 minutes to write...I'm just curious how the feature could be used)

-Brad

that's a good feature actually! pretty useful to find out ddos attacks, as you said.
is it avaliable in cvs? and will you include it in the next release?

thanks,
Mikhail.

It's in the cvs for grsecurity 2, since I'm not adding any new features to 1.9.9x at this point. It will be in the next release, 2.0-pre4, which willl be released soon (it has the new variable and set operation support as well).

-Brad

Is there anyway to grab the IP-Address from within the running process?

I haven't looked much into it yet but thought it would be a neat addition to something like propolice and libsafe to have them dump the IP address assiociated with the process, if there is one.

Thanks for your time,
Mike

dermike wrote:Is there anyway to grab the IP-Address from within the running process?

the file /proc/self/ipaddr is at your disposal, just open it, if it succeeds, you can read it and log it whereever you want.