monit and grsecurity

monit-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

monit and grsecurity

From:	Arkadiusz Miskiewicz
Subject:	monit and grsecurity
Date:	Mon, 8 Sep 2003 18:15:17 +0200
User-agent:	KMail/1.5.3

Monit disables some very usefull checkings when /proc/kcore is not available. 
/proc/kcore is not available on:

- 2.4 with grsecurity
+CONFIG_GRKERNSEC_HIDESYM
...
+  3) You have the additional /proc restrictions enabled, which removes
+     /proc/kcore

- 2.6 on some architectures like ARM

http://lwn.net/Articles/46158/

        After reviewing the /proc/kcore and kclist issues, I've decided that 
I'm no longer prepared to even _think_ about supporting /proc/kcore on ARM - 
it just gets too ugly, and adds too much code to make it worth the effort, 
the time or the energy to implement a solution to that problem.
        
        /proc/kcore should probably go away, but in the meantime this just 
allows ARM to ignore the issues.

Linus also suggested to remove /proc/kcore in 2.6.

I suggest adding /proc/meminfo parsing (from ie. procps) to check how many ram 
we have instead of stating /proc/kcore before 4.0 release (which I'm willing 
to test btw).

Thanks!
-- 
Arkadiusz Miśkiewicz    CS at FoE, Wroclaw University of Technology
arekm.pld-linux.org AM2-6BONE, 1024/3DB19BBD, arekm(at)ircnet, PLD/Linux

[Prev in Thread]

Current Thread

[Next in Thread]

monit and grsecurity, Arkadiusz Miskiewicz <=
- Re: monit and grsecurity, Arkadiusz Miskiewicz, 2003/09/08
  - Re: monit and grsecurity, Martin Pala, 2003/09/08
    - Re: monit and grsecurity, Arkadiusz Miskiewicz, 2003/09/08
    - Re: monit and grsecurity, Jan-Henrik Haukeland, 2003/09/08

Prev by Date: Re: monit and grsecurity
Next by Date: Re: check device core dump
Previous by thread: monit/web next.html
Next by thread: Re: monit and grsecurity
Index(es):
- Date
- Thread