OPNsense Forum

English Forums => General Discussion => Topic started by: pepesz on February 09, 2017, 08:23:36 pm

Title: /proc content?
Post by: pepesz on February 09, 2017, 08:23:36 pm

Dear members,

What should be the content of /proc ? I only see folders coresponding to processes PID, nothing more. Is this normal? No things like /proc/sys/kernel/hostname? I'm trying to adopt my script (http://pastebin.com/MXEW6DF4 (http://pastebin.com/MXEW6DF4)) to show system statistics on the LCD (via LCDd but not the lcdproc). The script uses Sys::Statistics::Linux and therefore procfs.

Thanks in advance.
pepesz

Title: Re: /proc content?
Post by: franco on February 09, 2017, 08:33:41 pm

Hi pepesz,

/proc is just a stub, not used for anything but general Linux compatibility.

What are you trying to do?

See if you can find some things via sysctl:

# sysctl -a

For hostname, there is a binary:

# hostname

TL;DR: Sys::Statistics::Linux may not be suitable here.


Cheers,
Franco

Title: Re: /proc content?
Post by: pepesz on February 09, 2017, 09:28:33 pm

Hi Franco,

I'm using perl script (http://pastebin.com/MXEW6DF4 (http://pastebin.com/MXEW6DF4)) to get and display system stats on LCD. Below is the line I have to replace with sth bsd compatible:

Code: [Select]

my $lxs = Sys::Statistics::Linux->new( cpustats => 1, memstats  => 1, diskusage => 1, netstats => 1 );Any hint how to achieve this? I will also look into BSD::Sysctl, but freebsd is entirely new adventure for me.

Best regards,
pepesz

Title: Re: /proc content?
Post by: franco on February 10, 2017, 12:00:35 pm

I don't know, sorry. You can get these values from different commands, but the parsing will be entirely different so it might take a while. :/


Cheers,
Franco

Title: Re: /proc content?
Post by: lattera on February 10, 2017, 03:12:55 pm

OPNsense doesn't mount procfs by default. procfs exposes some rather interesting security issues. I'd encourage people not to rely on procfs.

I'll port over HardenedBSD's procfs hardening work sometime over the next few weeks. And since procfs is not mounted by default, my procfs hardening work can be pushed out with a patch release.

Title: Re: /proc content?
Post by: pepesz on February 10, 2017, 06:17:49 pm

Thanks!

@lattera: I'll be waiting :)


Best regards,
pepesz

Title: Re: /proc content?
Post by: lattera on February 11, 2017, 10:54:22 pm

I've now committed to the master branch the work needed to harden procfs. After additional testing, it should go out in a future patch release.

Title: Re: /proc content?
Post by: pepesz on February 20, 2017, 11:47:53 pm

@lattera

Any chance I can follow (and how) the progress of that work?

Cheers,
pepesz

Title: Re: /proc content?
Post by: lattera on February 21, 2017, 12:12:45 am

It'll be in 17.1.2. So stay tuned. :)