Nixstats with grsecurity (OVH Kernel)

To monitor some metrics under the /proc path, special permission is needed if the kernel is compiled with grsecurity.

To check whether grsecurity is enabled, run sysctl -a | grep grsecurity:

root@test:~# sysctl -a | grep grsecurity
kernel.grsecurity.audit_ptrace = 1
kernel.grsecurity.consistent_setxid = 1
kernel.grsecurity.deny_new_usb = 0
kernel.grsecurity.dmesg = 1
kernel.grsecurity.forkfail_logging = 1
kernel.grsecurity.grsec_lock = 0
kernel.grsecurity.harden_ptrace = 1
kernel.grsecurity.ptrace_readexec = 1
kernel.grsecurity.signal_logging = 1
kernel.grsecurity.timechange_logging = 1

If nothing appears, grsecurity is not enabled.

To grant nixstats access to the /proc directory, run the following commands.

First, check which group ID (gid) nixstats has.

id nixstats

Now open the grub configuration file at /etc/default/grub.

Edit the line with GRUB_CMDLINE_LINUX_DEFAULT and add grsec_proc_gid=XXX at the end right before the double quote (").

For example, if your group ID is 123, change the line from

GRUB_CMDLINE_LINUX_DEFAULT="noquiet nosplash net.ifnames=0 biosdevname=0"

to

GRUB_CMDLINE_LINUX_DEFAULT="noquiet nosplash net.ifnames=0 biosdevname=0 grsec_proc_gid=123"

Don't forget to include a space between the values!

Finally, run update-grub and reboot the system.
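The grub edit described above, written as an idempotent shell function. This is an added example, not part of the original article or Nixstats' own tooling; the function name set_grsec_proc_gid and the .bak backup file are assumptions of the example. It rewrites only the GRUB_CMDLINE_LINUX_DEFAULT line and replaces an existing grsec_proc_gid value instead of appending a second one.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the article).
# Usage as root:  set_grsec_proc_gid /etc/default/grub "$(id -g nixstats)"
# then run update-grub and reboot, as the article describes.
set_grsec_proc_gid() {
    file=$1
    gid=$2
    # Accept only a plain numeric gid so nothing else reaches the kernel cmdline.
    case $gid in
        ''|*[!0-9]*) echo "gid must be numeric: '$gid'" >&2; return 2 ;;
    esac
    grep -q '^GRUB_CMDLINE_LINUX_DEFAULT="' "$file" || {
        echo "no GRUB_CMDLINE_LINUX_DEFAULT line in $file" >&2
        return 1
    }
    tmp=$(mktemp) || return 1
    # 1) drop any existing grsec_proc_gid=... token
    # 2) insert the new token, preceded by one space, before the closing quote
    # 3) remove the leading space left behind when the value was empty
    sed -E '/^GRUB_CMDLINE_LINUX_DEFAULT="/{
        s/ *grsec_proc_gid=[^ "]*//g
        s/ *"[ ]*$/ grsec_proc_gid='"$gid"'"/
        s/^(GRUB_CMDLINE_LINUX_DEFAULT=") +/\1/
    }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Refuse to install the result if the token did not land before the quote
    # (for example a trailing comment after the closing quote).
    if ! grep -q "grsec_proc_gid=$gid\"\$" "$tmp"; then
        echo "could not rewrite GRUB_CMDLINE_LINUX_DEFAULT in $file" >&2
        rm -f "$tmp"
        return 1
    fi
    # Keep a backup and overwrite in place so owner and mode are preserved.
    cp "$file" "$file.bak" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Running it a second time with a different gid leaves exactly one grsec_proc_gid entry on the line.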

Updated on: 02/02/2018
