Installation with grsecurity

This document explains how to install 360 Monitoring with grsecurity.

If the server’s kernel is compiled with grsecurity, special permission is needed to monitor some metrics in the /proc path.

Check for grsecurity

To check if grsecurity is enabled, run the sysctl -a | grep grsecurity command:

kernel.grsecurity.audit_ptrace = 1
kernel.grsecurity.consistent_setxid = 1
kernel.grsecurity.deny_new_usb = 0
kernel.grsecurity.dmesg = 1
kernel.grsecurity.forkfail_logging = 1
kernel.grsecurity.grsec_lock = 0
kernel.grsecurity.harden_ptrace = 1
kernel.grsecurity.ptrace_readexec = 1
kernel.grsecurity.signal_logging = 1
kernel.grsecurity.timechange_logging = 1

If nothing appears, grsecurity is not enabled.

Grant access

To grant 360 Monitoring access to the /proc directory, run the following commands.

  1. First, run the id agent360 command to check what groupID (gid) 360 Monitoring uses.
  2. Then, open the grub configuration file at /etc/default/grub
  3. Edit the line with GRUB_CMDLINE_LINUX_DEFAULT and add grsec_proc_gid=XXX at the end before the double quote (“). For example, if your groupid is 123, change the line from:

GRUB_CMDLINE_LINUX_DEFAULT="noquiet nosplash net.ifnames=0 biosdevname=0"
GRUB_CMDLINE_LINUX_DEFAULT="noquiet nosplash net.ifnames=0 biosdevname=0 grsec_proc_gid=123"
Don’t forget to include a space between the values.

  1. Finally, run the update-grub and reboot commands to restart your system.