Путеводитель по Руководству Linux

  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |



   stap-server    ( 8 )

управление сервером компиляции systemtap (systemtap compile server management)

Безопасность и защита (Safety and security)

Systemtap is an administrative tool. It exposes kernel internal data structures and potentially private user information. See the stap(1) manual page for additional information on safety and security.

As a network server, stap-server should be activated with care in order to limit the potential effects of bugs or mischevious users. Consider the following prophylactic measures.

1 Run stap-server as an unprivileged user, never as root.

When invoked as a service (i.e. service stap-server ...), each server is run, by default, as the user stap-server. When invoked directly (i.e. stap-server ...), each server is run, by default, as the invoking user. In each case, another user may be selected by using the -u option on invocation, by specifying STAP_USER=username in the global configuration file or by specifying USER=username in an individual server configuration file. The invoking user must have authority to run processes as another user. See CONFIGURATION.

The selected user must have write access to the server log file. The location of the server log file may be changed by setting LOG_FILE=path in the global configuration file. See CONFIGURATION.

The selected user must have read/write access to the directory containing the server status files. The location of the server status files may be changed by setting STAT_PATH=path in the global configuration file. See CONFIGURATION.

The selected user must have read/write access to the uprobes.ko build directory and its files.

Neither form of stap-server will run if the selected user is root.

2 Run stap-server requests with resource limits that impose maximum cpu time, file size, memory consumption, in order to bound the effects of processing excessively large or bogus inputs.

When the user running the server is stap-server, each server request is run with limits specified in ~stap- server/.systemtap/rc otherwise, no limits are imposed.

3 Run stap-server with a TMPDIR environment variable that points to a separate and/or quota-enforced directory, in order to prevent filling up of important filesystems.

The default TMPDIR is /tmp/.

4 Activate network firewalls to limit stap client connections to relatively trustworthy networks.

For automatic selection of servers by clients, avahi must be installed on both the server and client hosts and mDNS messages must be allowed through the firewall.

The systemtap compile server and its related utilities use the Secure Socket Layer (SSL) as implemented by Network Security Services (NSS) for network security. NSS is also used for the generation and management of certificates. The related certificate databases must be protected in order to maintain the security of the system. Use of the utilities provided will help to ensure that the proper protection is maintained. The systemtap client will check for proper access permissions before making use of any certificate database.