monit-general

FYI: System hardening on Debian and Ubuntu and Monit


From: Jan-Henrik Haukeland
Subject: FYI: System hardening on Debian and Ubuntu and Monit
Date: Mon, 10 Jun 2024 13:08:22 +0200

FYI: The Debian maintainer has set up system hardening for Monit [1] which I 
believe is also carried over to Ubuntu 24. It is worth considering that system 
hardening could potentially influence the execution of the monit binary. System 
hardening measures include settings that restrict the execution environment of 
binaries, such as:

   • Restricting Execution Permissions: Ensuring that only certain binaries or 
scripts can be executed.
   • Changing Execution Contexts: Applying sandboxing techniques or limiting 
the capabilities of the binary.

To determine if system hardening is affecting the monit binary, you can check 
the Monit service file at /lib/systemd/system/monit.service for any hardening 
options enabled. These might include directives like NoNewPrivileges, 
ProtectSystem, ProtectHome, CapabilityBoundingSet, etc.

See also https://mmonit.com/wiki/Monit/FAQ#hardening
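
One way to run the check described above, as an added example that is not part of the original message and is not Monit's or Debian's code: a shell function that lists the sandboxing directives set in a unit's [Service] section. The directive list is a selection from systemd.exec(5), and the sample unit is constructed for illustration, not the packaged monit.service.

```shell
#!/bin/sh
# Report sandboxing directives set in the [Service] section of a systemd unit.
# HARDENING_KEYS is a selection of systemd.exec(5) options, not an exhaustive list.
HARDENING_KEYS="NoNewPrivileges ProtectSystem ProtectHome PrivateTmp PrivateDevices \
CapabilityBoundingSet AmbientCapabilities ReadWritePaths ReadOnlyPaths \
InaccessiblePaths ProtectKernelTunables ProtectKernelModules ProtectControlGroups \
RestrictAddressFamilies RestrictNamespaces SystemCallFilter MemoryDenyWriteExecute"

# hardening_directives FILE: print "Key=Value" for each listed directive found.
hardening_directives() {
    awk -v keys="$HARDENING_KEYS" '
        BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        /^[ \t]*[#;]/ { next }                                   # comment lines
        /^[ \t]*\[/   { in_service = ($0 ~ /^[ \t]*\[Service\]/); next }
        in_service {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1);    sub(/^[ \t]+/, "", val)
            if (key in want) print key "=" val
        }
    ' "$1"
}

# Constructed sample unit (not the Debian package's actual monit.service).
sample_unit() {
    cat <<'EOF'
[Unit]
Description=Sample service for the parser
# ProtectHome=yes in a comment must be ignored

[Service]
ExecStart=/usr/bin/monit -I
NoNewPrivileges=yes
ProtectSystem = full
;PrivateTmp=yes
CapabilityBoundingSet=CAP_NET_RAW CAP_KILL

[Install]
WantedBy=multi-user.target
EOF
}

unit=${1:-}
if [ -z "$unit" ]; then            # no argument: demonstrate on the sample
    unit=$(mktemp); sample_unit > "$unit"; trap 'rm -f "$unit"' EXIT
fi
hardening_directives "$unit"
```

On a live system, pass /lib/systemd/system/monit.service as the argument; `systemctl cat monit.service` additionally shows any drop-in overrides that the file alone does not.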



