7 May 2012 06:02
Process in jail can use netstat to see connection
Jens Kasten <jens <at> kasten-edv.de>
2012-05-07 04:02:08 GMT
Hi list,

I was writing a small script to check if a service is alive. I copied it to the server and put it in the crontab. Then I got an email that the service, in my case ssh, is not running. I looked, but it was running. Ah, OK, cron is running in an rsbac_jail. So with ps, lsof or others, only stuff from cron can be seen. But when I put netstat in the script and let cron execute it, I see everything, like connections. For me it is sufficient to check if ssh is running, but after pgrep or ps failed I expected that netstat would also fail.

This is my jail setup:

|Jail ID: 165| Program: cron| PID: 3899| Jail IP: 0.0.0.0
|Jail Flags: allow-external-ipc, allow-dev-get-status, allow-dev-read, allow-dev-mod-system, allow-inet-raw, allow-all-net-family, allow-dev-write
|Jail SCD Get: sysfs
|Jail SCD Modify: priority, rlimit, mlock

Does netstat deliver a result because of (allow-inet-raw, allow-all-net-family)?

--
Kind regards
Jens Kasten