How to execute binaries with specific parameters

This document provides information on how to execute binaries by passing specific parameters.

Passing parameters at execution time lets you customize a binary's behavior, provide input data, or control execution dynamically without modifying the application's code.

You can do this using policies or sudo rules:

Execute binaries with specific parameters using policies

  1. In the Segura® Platform, in the navigation bar, hover over the Products menu and select EPM.
  2. In the side menu, select Policies > Linux > Policies.
  3. In the Policies report, click Add and select General.
  4. In the General tab, enter the following information:
    1. In the Policy name * field, enter a name to identify the policy.
    2. In the Status * field, select to enable or disable the policy.
    3. In the Guideline * field, select Binary Run as the guideline to perform the policy.
    4. In the Checker (path or executor) field, enter the command: exec="/usr/bin/binary_path".
    5. In the Enable audit? * field, select to enable the auditing of policy actions.
    6. In the Include general denial rule? field, select to allow only registered rules and deny what is not in the rule.
    7. In the Rules field, click + Add to enter the rules.
      1. Select Allow to allow access for the user or group and enter the following rule text in CaitSith policy format: argv[1]="first_parameter" task.uid=user_id path="example_path/*".
        Info: For more information about CaitSith policies and parameters, see the CaitSith Documentation.

      2. Click Add for each rule created.
    8. Click Continue.
  5. In the Review tab, review the access policy and click Save.

Execute binaries with specific parameters using sudo rules

  1. In the Segura® Platform, in the navigation bar, hover over the Products menu and select EPM.
  2. In the side menu, select Policies > Linux > Sudo Rules.
  3. In the Rules for sudo report, click Add and select General.
  4. In the Registration rules for sudo screen, enter the following information:
    1. In the Identification name * field, enter a name to identify the rule.
    2. In the Enabled * field, select Yes to enable the rule.
    3. In the Commands for rule application (must be used the full path) * field, enter the command for rule application. For example: /usr/bin/binary_path --first_parameter --user=* example_path/*.
    4. In the It should be NOPASSWD? * field, select whether the user is asked to enter their password.
    5. In the Should it be FOLLOW? * field, select whether symbolic links can be edited.
    6. In the Should it be SETENV? * field, select whether system parameters can be set.
    7. Optional: In the Description field, enter a brief description of this rule.
  5. Click Save.
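
sudoers matches command-line arguments as one space-joined string, so a `*` in the command field also matches spaces and `/`. The following added example (not part of the Segura documentation or product) approximates that matching with Python's fnmatch so a rule can be checked against constructed invocations before it is saved. It assumes the command field is evaluated with standard sudoers semantics; the function names and sample invocations are hypothetical.

```python
"""Approximate how a sudoers command spec matches an invocation."""
from fnmatch import fnmatchcase

# Example rule text from step 4.3 above (placeholder names from the page).
SPEC = "/usr/bin/binary_path --first_parameter --user=* example_path/*"


def spec_admits(spec, argv):
    """Return True if the invocation `argv` is admitted by `spec`.

    Approximation: the command path is compared exactly (path wildcards are
    not modelled) and Python's fnmatch has no backslash escapes.
    """
    cmd, _, arg_pattern = spec.partition(" ")
    if argv[0] != cmd:
        return False
    if not arg_pattern:        # no arguments in the spec: any arguments pass
        return True
    if arg_pattern == '""':    # "" in the spec: no arguments are allowed
        return len(argv) == 1
    # Arguments are joined into one string, so '*' crosses word boundaries.
    return fnmatchcase(" ".join(argv[1:]), arg_pattern)


def audit(spec, invocations):
    """Map each invocation (joined for display) to admitted True/False."""
    return {" ".join(argv): spec_admits(spec, argv) for argv in invocations}


# Constructed invocations, not taken from any real system.
BIN = "/usr/bin/binary_path"
SAMPLES = [
    [BIN, "--first_parameter", "--user=alice", "example_path/report.txt"],
    [BIN, "--first_parameter", "--user=alice", "--extra_flag", "example_path/x"],
    [BIN, "--first_parameter", "--user=alice", "example_path/../other_dir/file"],
    [BIN, "--other_parameter", "--user=alice", "example_path/x"],
    ["/usr/bin/other_binary", "--first_parameter", "--user=alice", "example_path/x"],
]

if __name__ == "__main__":
    for line, admitted in audit(SPEC, SAMPLES).items():
        print(("ADMIT " if admitted else "DENY  ") + line)
```

The second and third samples are admitted although they carry an extra flag and a path outside example_path, which is why each wildcard in a rule should be kept as narrow as the use case allows.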