grsecurity forums


https://forums.grsecurity.net./

[SOLVED][FEATURE] Global status and current object's status

https://forums.grsecurity.net./viewtopic.php?f=3&t=4039

Page 1 of 1

[SOLVED][FEATURE] Global status and current object's status

PostPosted: Wed Aug 27, 2014 4:34 pm
by Pallas
Hi all! Is it possible to check global status or current subject's status? Something like apparmor_status, but more verbose:
http://cdn8.howtogeek.com/wp-content/up ... 3Zo1Be.png

And individual subject status, like this
Code: Select all
$ gradm-status --subject /usr/bin/firefox
Roles:
* default
* pallas
* pallas [group]
* testuser

Code: Select all
$ gradm-status --pid 4324
Subject:
/usr/bin/firefox
Current role:
pallas


I think, it might be very useful for sysadmins (for those who get already configured servers with grsecurity) and for monitoring.

Re: [FEATURE] Global status and current object's status

PostPosted: Fri Aug 29, 2014 4:07 pm
by mnalis
you can do something like:
Code: Select all
grep RBAC /proc/11068/status


which will tell you something like:
Code: Select all
RBAC:   default:D:/usr/sbin/apache2


making a shell or perl script which would do the same for the subject (instead of PID as example above) is left as an exercise for a sysadmin...

Re: [SOLVED][FEATURE] Global status and current object's sta

PostPosted: Wed Mar 11, 2015 6:16 am
by Pallas
Thank you! That what I need.
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/