grsecurity forums

Skip to content

[SOLVED][FEATURE] Global status and current object's status

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

[SOLVED][FEATURE] Global status and current object's status

Postby Pallas » Wed Aug 27, 2014 4:34 pm

Hi all! Is it possible to check global status or current subject's status? Something like apparmor_status, but more verbose:
http://cdn8.howtogeek.com/wp-content/up ... 3Zo1Be.png

And individual subject status, like this
Code: Select all
$ gradm-status --subject /usr/bin/firefox
Roles:
* default
* pallas
* pallas [group]
* testuser

Code: Select all
$ gradm-status --pid 4324
Subject:
/usr/bin/firefox
Current role:
pallas


I think, it might be very useful for sysadmins (for those who get already configured servers with grsecurity) and for monitoring.
Last edited by Pallas on Wed Mar 11, 2015 6:15 am, edited 1 time in total.
Pallas
 
Posts: 4
Joined: Mon Aug 25, 2014 5:25 pm
Top

Re: [FEATURE] Global status and current object's status

Postby mnalis » Fri Aug 29, 2014 4:07 pm

you can do something like:
Code: Select all
grep RBAC /proc/11068/status


which will tell you something like:
Code: Select all
RBAC:   default:D:/usr/sbin/apache2


making a shell or perl script which would do the same for the subject (instead of PID as example above) is left as an exercise for a sysadmin...
mnalis
 
Posts: 57
Joined: Fri Sep 29, 2006 11:23 am
Top

Re: [SOLVED][FEATURE] Global status and current object's sta

Postby Pallas » Wed Mar 11, 2015 6:16 am

Thank you! That what I need.
Pallas
 
Posts: 4
Joined: Mon Aug 25, 2014 5:25 pm
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group