Bug#1072946: monit CapabilityBoundingSet is too strict

2024-11-04 Jeffrey Honig
As monit is a configurable system monitoring tool, it is expected that admins will expand it to monitor all aspects of a system. The configured system hardening rules block what seem like common use cases. Two additional ones are:

1. To run systemctl on an NVMe drive needs CAP_SYS_ADMIN and on a

Bug#1072946: monit CapabilityBoundingSet is too strict

2024-06-10 Reto Schüttel
Package: monit
Version: 1:5.33.0-2

Starting with 1:5.33.0-2, the monit systemd unit file got some hardening. Besides other things, the CapabilityBoundingSet got restricted to: CAP_DAC_READ_SEARCH CAP_NET_RAW CAP_SYS_PTRACE

I'm executing a "check program" script which checks the state of some wir