[SR-Users] Kamailio has unconfined processes

HimaBindu G himabindu.garadareddy at gmail.com
Wed Aug 10 08:35:12 CEST 2022


Hi,

Problem Description:
Customer security scan returned unconfined services on Kamailio.
Unconfined processes run in unconfined domains

Rationale:
For unconfined processes, SELinux policy rules are applied, but policy rules exist that allow processes running in unconfined domains almost all access. Processes running in unconfined domains fall back to using DAC rules exclusively. If an unconfined process is compromised, SELinux does not prevent an attacker from gaining access to system resources and data, but of course, DAC rules are still used. SELinux is a security enhancement on top of DAC rules - it does not replace them.

Solution:
Investigate any unconfined processes found during the audit action. They may need to have an existing security context assigned to them or a policy built for them.

Notes:
Occasionally certain daemons such as backup or centralized management software may require running unconfined. Any such software should be carefully analyzed and documented before such an exception is made.

See Also:
https://workbench.cisecurity.org/files/2485

For Kamailio
======
The command returned:
00 kamailio
00 kamailio
00 kamailio
00 kamailio
00 kamailio
10 kamailio
10 kamailio
10 kamailio
10 kamailio
00 kamailio
00 kamailio
00 kamailio
00 kamailio
33 kamailio
33 kamailio
33 kamailio
32 kamailio
17 kamailio
16 kamailio
33 kamailio
00 kamailio
00 kamailio
03 kamailio
05 kamailio
18 kamailio
17 kamailio
18 kamailio
18 kamailio
07 kamailio
00 sleep

Is any security context available to assign to Kamailio processes?
Can these services be run as confined services?

Please suggest a resolution, thanks in advance.

Thanks & Regards,
    Hima Bindu.
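
An added example, not part of the original post: a shell function that groups the processes running in the unconfined_service_t domain by command name, so a finding like the one above can be reviewed per service. It assumes the input is `ps -eZ` output (the scan's actual audit command is not shown in the post); the function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Summarise processes in the unconfined_service_t SELinux domain.
# Input: `ps -eZ` text on stdin, columns: LABEL PID TTY TIME CMD
# LABEL is user:role:type:level. The level can itself contain ':'
# (e.g. s0-s0:c0.c1023), so the type is always the 3rd ':' field.

unconfined_summary() {
    # Prints one line per command: "<count> <command> <pid,pid,...>"
    awk '
        $1 == "LABEL" { next }              # header line
        NF < 5        { next }              # malformed or truncated line
        {
            split($1, ctx, ":")
            if (ctx[3] != "unconfined_service_t") next
            cmd = $5
            for (i = 6; i <= NF; i++) cmd = cmd " " $i
            count[cmd]++
            if (cmd in pids) pids[cmd] = pids[cmd] "," $2
            else             pids[cmd] = $2
        }
        END { for (c in count) print count[c], c, pids[c] }
    ' | sort -k2,2
}

# Constructed sample input (not taken from the original post).
SAMPLE_PS_OUTPUT='LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:03 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 911 ? 00:00:00 sshd
system_u:system_r:unconfined_service_t:s0 2001 ? 00:00:00 kamailio
system_u:system_r:unconfined_service_t:s0 2002 ? 00:00:10 kamailio
system_u:system_r:unconfined_service_t:s0 2003 ? 00:00:33 kamailio
system_u:system_r:unconfined_service_t:s0 2050 ? 00:00:00 sleep
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3100 pts/0 00:00:00 bash'

# Run against the sample; on a live SELinux host use: ps -eZ | unconfined_summary
printf '%s\n' "$SAMPLE_PS_OUTPUT" | unconfined_summary
```

The interactive shell in unconfined_t is deliberately not reported: only services that ended up in unconfined_service_t are listed.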