Wednesday, November 5, 2008

ping: socket: Operation not permitted

> iron# ping localhost
> ping: socket: Operation not permitted
>
> My issue is the sysmon program stops on a check for
> root access to ICMP. The jail root user doesn't have
> rights to create ICMP packets in a jail system.
>
> Can this be modified to skip with a sysmon.conf switch
> or turned off?

yes:

puck:~/sysmon/sysmon> src/sysmond -h
Usage: src/sysmond [ -f config-file ] [ -n ] [ -d ] [ -v ] [ -t ]
[ -p port ] [ reload ]
-b : IP Address to listen on
-f config-file : Alternate config file location
DEFAULT: /usr/local/etc/sysmon.conf
-n : Don't do notifies
-d : Don't fork
-i : Disable ICMP

You can also use this sysctl to allow raw sockets
within a Jail:

security.jail.allow_raw_sockets

root@test:/usr/src# sysctl security.jail.allow_raw_sockets=1

security.jail.allow_raw_sockets: 0 -> 1
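The check that fails above is the creation of a raw ICMP socket. As an added example (not sysmon's code; the function and enum names are hypothetical), this C probe makes the same socket(2) call and treats a permission denial as "run without ICMP", which is what -i selects by hand and avoids having to open raw sockets to the jail:

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Outcome of the raw-socket probe (hypothetical names for this example). */
enum raw_status { RAW_OK, RAW_DENIED, RAW_ERROR };

/* Map the errno from socket(AF_INET, SOCK_RAW, IPPROTO_ICMP) to a decision. */
enum raw_status classify_raw_errno(int err)
{
    if (err == 0)
        return RAW_OK;
    /* EPERM is "Operation not permitted": not root, or root inside a jail
     * with security.jail.allow_raw_sockets=0. socket(2) also documents
     * EACCES for a denied socket type or protocol. */
    if (err == EPERM || err == EACCES)
        return RAW_DENIED;
    return RAW_ERROR; /* e.g. ENOBUFS, EMFILE: a real fault, not policy */
}

/* Open the kind of socket ping needs; return 0 or the errno of the failure. */
int probe_raw_icmp(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

int main(void)
{
    int err = probe_raw_icmp();
    switch (classify_raw_errno(err)) {
    case RAW_OK:
        puts("raw ICMP socket available: ICMP checks can run");
        return 0;
    case RAW_DENIED:
        printf("socket: %s -> skip ICMP checks (as with sysmond -i)\n",
               strerror(err));
        return 0;
    default:
        fprintf(stderr, "socket: %s\n", strerror(err));
        return 1;
    }
}
```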


