
Nixstats with grsecurity (OVH Kernel)

To monitor some metrics under /proc, special permission is needed if the kernel is compiled with grsecurity.


To check whether grsecurity is enabled, run ``sysctl -a | grep grsecurity``:


```
root@test:~# sysctl -a | grep grsecurity
kernel.grsecurity.audit_ptrace = 1
kernel.grsecurity.consistent_setxid = 1
kernel.grsecurity.deny_new_usb = 0
kernel.grsecurity.dmesg = 1
kernel.grsecurity.forkfail_logging = 1
kernel.grsecurity.grsec_lock = 0
kernel.grsecurity.harden_ptrace = 1
kernel.grsecurity.ptrace_readexec = 1
kernel.grsecurity.signal_logging = 1
kernel.grsecurity.timechange_logging = 1
```

If nothing appears, grsecurity is not enabled.


To grant nixstats access to the /proc directory run the following commands.


First, check which group ID (gid) nixstats has.


``id nixstats``

Now open the grub configuration file at /etc/default/grub.


Edit the line with GRUB_CMDLINE_LINUX_DEFAULT and add grsec_proc_gid=XXX at the end, right before the closing double quote ("), where XXX is the gid from the previous step.


For example, if your group ID is 123, change the line from


```
GRUB_CMDLINE_LINUX_DEFAULT="noquiet nosplash net.ifnames=0 biosdevname=0"
```

to

```
GRUB_CMDLINE_LINUX_DEFAULT="noquiet nosplash net.ifnames=0 biosdevname=0 grsec_proc_gid=123"
```

Don't forget to include a space between the values!


Finally, run ``update-grub`` and reboot the system.
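
The GRUB edit described above as a shell function, an added example that is not part of the original article or of Nixstats' own tooling. `set_grsec_proc_gid` is a hypothetical helper name; it replaces an earlier grsec_proc_gid value instead of appending a second one and keeps a `.bak` copy of the file.

```shell
#!/bin/sh
# Added example: set grsec_proc_gid in a GRUB defaults file, idempotently.
# Usage: set_grsec_proc_gid FILE GID   (FILE is normally /etc/default/grub)
set_grsec_proc_gid() {
    file=$1
    gid=$2
    # Accept only a numeric gid, e.g. the gid= value printed by `id nixstats`.
    case $gid in
        ''|*[!0-9]*) echo "gid must be numeric, got '$gid'" >&2; return 2 ;;
    esac
    if ! grep -q '^GRUB_CMDLINE_LINUX_DEFAULT=".*"[[:space:]]*$' "$file"; then
        echo "no double-quoted GRUB_CMDLINE_LINUX_DEFAULT line in $file" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # On the target line only: drop any earlier grsec_proc_gid value, append the
    # new one before the closing quote, then trim a leading space left behind
    # when the command line was empty or began with the old value.
    sed -E '/^GRUB_CMDLINE_LINUX_DEFAULT="/{
        s/[[:space:]]*grsec_proc_gid=[0-9]*//g
        s/"[[:space:]]*$/ grsec_proc_gid='"$gid"'"/
        s/^(GRUB_CMDLINE_LINUX_DEFAULT=") /\1/
    }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 1; }   # keep a backup
    cat "$tmp" > "$file"       # write in place so owner and mode are unchanged
    rm -f "$tmp"
    grep '^GRUB_CMDLINE_LINUX_DEFAULT=' "$file"
}

# Demonstration on a constructed copy of the example line from this article;
# on a real host you would pass /etc/default/grub, then run update-grub and reboot.
sample=$(mktemp)
echo 'GRUB_CMDLINE_LINUX_DEFAULT="noquiet nosplash net.ifnames=0 biosdevname=0"' > "$sample"
set_grsec_proc_gid "$sample" 123
rm -f "$sample" "$sample.bak"
```

The parameter names a group, so any other account that belongs to that gid gets the same /proc access as nixstats.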

Updated on: 02/02/2018
