process details: user +selcontext and user: pw and shell
From: cgzones
Subject: process details: user +selcontext and user: pw and shell
Date: Mon, 11 Jun 2012 16:22:10 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120604 Thunderbird/13.0

Hi list,
hi developers,

I would like to have an option to observe the rights of processes.
So can you add a check for the user/uid of a process and the SELinux
context (if SELinux is enabled) of it; something like:

    check process apache with pidfile /var/run/apache2.pid
        if failed uid www-data then ACTION (like the file check)
        if failed selcontext system_u:system_r:httpd_t then ACTION

In addition, some services (like apache or mysql) create and use users
for running their daemons.
But these users' only task is running these processes, so they should
not have a valid password or a valid shell.
Can you add a new check section for system users like:

    check user USERNAME with uid STRING/UID
        if failed invalidpw then ACTION (check for ""|"!"|"?"|"*"...)
        if failed invalidshell then ACTION (check for "/bin/false"|"/bin/nologin"...)

Best regards,
Christian Göttsche
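
Added example, not part of the original message and not code from the project it is addressed to: a standalone Python sketch of the system-user check requested above, run over constructed passwd/shadow lines. The function names, the sample accounts and the extra nologin paths are assumptions; an empty shadow field is reported as its own state because it means no password is required.

```python
# Added example: audit service accounts for usable passwords and login shells.
# The passwd/shadow lines below are constructed samples, not from a real host.
NOLOGIN_SHELLS = {"/bin/false", "/bin/nologin", "/sbin/nologin", "/usr/sbin/nologin"}

SAMPLE_PASSWD = """\
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
mysql:x:105:110:MySQL Server:/nonexistent:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/false
"""
SAMPLE_SHADOW = """\
www-data:*:15500:0:99999:7:::
mysql:!:15500:0:99999:7:::
backup::15500:0:99999:7:::
"""

def parse_colon_file(text, min_fields):
    """Map account name -> list of fields, skipping short or blank lines."""
    rows = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= min_fields:
            rows[fields[0]] = fields
    return rows

def password_state(field):
    """Classify a shadow password field as missing, empty, locked or usable."""
    if field is None:
        return "missing"
    if field == "":
        return "empty"  # no password needed to authenticate
    return "locked" if field[0] in "!*" else "usable"

def audit_service_accounts(passwd_text, shadow_text, accounts):
    """Return (account, problem) tuples for accounts that could log in."""
    passwd = parse_colon_file(passwd_text, 7)
    shadow = parse_colon_file(shadow_text, 2)
    findings = []
    for name in accounts:
        entry = passwd.get(name)
        if entry is None:
            findings.append((name, "missing account"))
            continue
        state = password_state(shadow[name][1] if name in shadow else None)
        if state != "locked":
            findings.append((name, f"password field is {state}"))
        if entry[6] not in NOLOGIN_SHELLS:
            findings.append((name, f"login shell {entry[6]}"))
    return findings
```

On a real host the two texts would come from /etc/passwd and /etc/shadow, the latter readable only by root.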