Anoubis: Other - Process browser

The Process browser

Using the process browser one can verify which rules are active for a particular process. This mainly helps with figuring out why a problematic ruleset doesn't work. Often this is caused by incorrectly configured context rules. If required the selected rules can be modified directly in the RuleEditor.

The Process browser can be opened by selecting the ,,Processes'' tab in the ,,Anoubis'' module.

Process browser

It displays a list of the user's processes in the upper part of the window. There, along with some general information about the process, a short summary of Anoubis specific information is given. Further process details can be seen in the lower part of the window. When a process is selected further details will be displayed. To refresh the list of processes just press the "reload" button. There is no automated periodic refresh of the process list.

The columns of the Process list contain the following information:

Column	Meaning
Process ID	The Process ID of the Processes
User	The user to whom the process belongs
ALF, SB and CTX	This shows whether ALF, Sandbox or Context rules are active for the process. A process can have user and/or administrator rules.
Playground ID	If the process runs in a Playground then this will show the Playground ID. Otherwise the column remains empty.
Command	The command which is executed by the process.

In the lower part of the window various tabs can be selected to display more detailed information about the currently selected process.

Details	Here general information about the process is shown. This includes the process id and the real and effective user id. This information is not Anoubis specific and is only shown as supplementary information. Similar details can be obtained by using command-line tools like `ps(1)`.
Paths	This shows the paths and checksums, which are used to select the application rulesets. Three sets of possibly different paths and checksums are shown: The path and checksum of the program which is being executed by the process. This only serves informative purposes and is not used directly for the selection of application rulesets. Both other paths correspond with the previous one or belong to the parent process which may have forced rule-inheritance for its children. The path and checksum which are used for the selection of application rulesets from the user's policies. The path and checksum which are used for the selection of application rulesets from the administrator's policies.
ALF Rules	This shows the ALF application-rules which are active for the currently selected process. The text-field on the left shows user rules, the one on the right shows the administrator rules. By clicking on the "Edit" button the RuleEditor will open at the rule shown, so that it can be modified.
SB Rules	This shows, similar to the ALF rules, the Sandbox application rules.
CTX Rules	This shows, similar to the ALF rules, the Context rules which are active for the selected process.