I'm very new to grsecurity, and I am trying to configure an RBAC policy. I'm using Nagios for monitoring. On the Gentoo linux server with grsecurity installed, I have Nagios nrpe running configured to use the check_procs plugin to see if cron is running. Since grsecurity is not letting it see processes not owned by the user nagios, how do I give that plugin access to see more processes? This is what I tried, but I might be way off:
- Code: Select all
subject /usr/nagios/libexec/check_procs b
/
subject /usr/nagios/bin/nrpe dp
/etc/nagios/nrpe.cfg r
/usr/nagios/libexec x
I tried to read the manual, but I can't find much. Can anyone point me to a bigger, more in-depth manual?
The "b" option said that it allows "process accounting". Is that what I want?
I know I could use learning mode, but then I wouldn't understand what it generated, and I hope to really get into grsecurity and understand it deeply.
Thanks!