Jump to content
Nytro

Linux Security: How to hide processes from other users

By Nytro, in Tutoriale in engleza

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Linux Security: How to hide processes from other users

Small and at the same time great article from Steve on http://www.debian-administration.org/.

If you run a multi-user system it can increase security if you hide the display of running processes, and their arguments, which belong to other users. This helps avoid problems if users enter passwords on the command-line, and similar.

If you’re running a recent Kernel, (version 3.2 or higher), you can achieve this benefit by mounting the /proc filesystem with the new hidepid option:

[TABLE]

[TR]

[TH]Value[/TH]

[TH]Meaning[/TH]

[/TR]

[TR]

[TD]0[/TD]

[TD]This is the default setting and gives you the default behaviour.[/TD]

[/TR]

[TR]

[TD]1[/TD]

[TD]With this option a normal user would not see other processes but their own in ps, top etc, but would is still be able to see process IDs beneath /proc[/TD]

[/TR]

[TR]

[TD]2[/TD]

[TD]Users are only able to see their own processes (as with with hidepid=1), but also any other process IDs are hidden for them if they manually poke around beneath /proc[/TD]

[/TR]

[/TABLE]

It is worth noting that with the secure values set (“1?, or “2?) all processes remain visible to the root user.

If you decide you wish to enable this protection you can change the mount option interactively by running:

# mount -o remount /proc -o hidepid=2

To ensure this happens automatically at boot-time you can update your /etc/fstab file to read something like this:

proc /proc proc defaults,hidepid=2 0 0

With this in place a user will only see their own processes in the output of top, ps, & etc:

s-blog@www:~$ ps -ef

UID PID PPID C STIME TTY TIME CMD

s-blog 848 32483 0 08:55 pts/1 00:00:00 ps -ef

s-blog 32483 32482 0 08:54 pts/1 00:00:00 -bash

The root user will still see all processes though, for debugging purposes.

According to a recent post from the Debian Security Team it seems likely that the hidepid option will be proposed as a default in the future.

Sursa: » Linuxaria – Everything about GNU/Linux and Open source Linux Security: How to hide processes from other users

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...