ping can't open a socket on secured Linux install


2018-08-15 (edited 2021-02-06)

When blindly using STIGs and scripts[^1], you can end up with some weird errors that don't make sense, because the script did things you would never normally do, all in the name of making a perfectly secure system.

In this case the problem was that ping came back with:

socket: Operation not permitted

This is because raw sockets require root privileges, and on older and minimal versions of the kernel you end up needing the setuid bit. Ping is specifically designed to run with the setuid bit, so it is pretty safe to have it enabled. If some script screwed it up, you can fix it by resetting the permissions so that the setuid bit is enabled:

sudo chmod 4755 /bin/ping

4 sets the 'set user ID upon execution' bit, 7 allows read, write, and execute for the user, and the two 5s allow read and execute for the group and for everyone else, respectively.

A similar problem can be seen with mounting remote filesystems with a similar - if less secure - fix.

Update: For ping in particular you don't need to use the 'hammer' of SUID, as it should support capabilities, so you can just use:

sudo setcap 'cap_net_raw+p' /bin/ping
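To see which of the two mechanisms above a ping binary currently relies on before changing anything, a check like the following can help. It is an added example, not part of the original post: the function names are made up here, and it assumes `getcap` (from libcap) is on the PATH, otherwise a file capability goes undetected and is reported as `none`.

```shell
#!/bin/sh
# Added example: report how a ping binary gets its raw-socket privilege.
# The path defaults to /bin/ping, the path used in the commands above.

# Prints one of: missing, setuid-root, setuid-nonroot, cap_net_raw, none
ping_priv_status() {
    bin=$1
    [ -e "$bin" ] || { echo missing; return 0; }
    # ls -lnL: numeric ids, follow symlinks; field 3 is the owner uid
    owner=$(ls -lnL "$bin" | awk '{print $3}')
    if [ -u "$bin" ]; then
        # The setuid bit only confers root when root (uid 0) owns the file
        if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid-nonroot; fi
    elif command -v getcap >/dev/null 2>&1 &&
         getcap "$bin" 2>/dev/null | grep -q cap_net_raw; then
        echo cap_net_raw
    else
        echo none
    fi
}

# Succeeds only if group and others cannot write the file (the "55" in 4755).
ping_not_writable_by_others() {
    perms=$(ls -lnL "$1" | awk '{print $1}')   # e.g. -rwsr-xr-x
    case $perms in
        ?????w*|????????w*) return 1 ;;        # group-write or other-write set
    esac
    return 0
}

target=${1:-/bin/ping}
echo "$target: $(ping_priv_status "$target")"
```

A result of `none` or `setuid-nonroot` matches the `socket: Operation not permitted` symptom on systems where ping needs a raw socket.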

[^1]: Don't do that

*[STIG]: Security Technical Implementation Guides
