- changed status to closed
List process arguments as well
Issue #674
closed
When monitoring processes, it would be great to have process arguments collected and displayed as well apart from various stats. The reason this could be of help is security monitoring of processes. If a process is running with insecure parameters or exposing secrets, monit could easily help to alert the user. This feature would be of great use for the security community.
Comments (1)
-
repo owner
- Log in to comment
Monit allows such monitoring already, if the insecure parameters pattern can be defined: you can use the "check process <name> matching <pattern>" ... it should be possible to set for example pattern like this to catch a process which uses a parameter called "--user" as command line parameter:
If the insecure parameters list cannot be specified fr automated test and it will depend on admin to watch the process table strings, Monit's role will be minimal - only exposing the process table including such insecure parameter values via Monit's GUI, which doesn't increase the security - it may even make it worse (if somebody will gain Monit GUI credentials, he'll be able to see the process list including parameters, which he normally won't see).