process details: user +selcontext and user: pw and shell

monit-general

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

process details: user +selcontext and user: pw and shell

From:	cgzones
Subject:	process details: user +selcontext and user: pw and shell
Date:	Mon, 11 Jun 2012 16:22:10 +0200
User-agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120604 Thunderbird/13.0

Hi list,
hi developers,
i would like to have a option to observer the rights of processes.
So can you add a check for the user/uid of a process and the selinux
context (if selinux is enabled) of it; something like:

check process apache with pidfile /var/run/apache2.pid
       if failed uid www-data then ACTION            (like the file check)
       if failed selcontext system_u:system_r:httpd_t then ACTION

In addition some services (like apache or mysql) creates and uses users
for running it's daemons.
But these users are task is only running these processes, so they should
not have a valid password or a valid shell.
Can you add a new check section for system users like:

check user USERNAME with uid STRING/UID
        if failed invalidpw then ACTION       (check for ""|"!"|"?"|"*"...)
        if failed invalidshell then ACTION    (check for
"/bin/false"|"/bin/nologin"...)

Best regards,
          Christian Göttsche

[Prev in Thread]

Current Thread

[Next in Thread]

process details: user +selcontext and user: pw and shell, cgzones <=
- Re: process details: user +selcontext and user: pw and shell, Martin Pala, 2012/06/11

Prev by Date: Re: SIP TRUNK MONIT
Next by Date: Re: process details: user +selcontext and user: pw and shell
Previous by thread: SIP TRUNK MONIT
Next by thread: Re: process details: user +selcontext and user: pw and shell
Index(es):
- Date
- Thread