If you are using Linux kernel version 3.2+ (or RHEL/CentOS v6.5 and above), you can hide processes from other users. Only root can see all processes, and each user sees only their own. All you have to do is remount the /proc filesystem with the Linux kernel hardening option hidepid.
Say hello to the hidepid option
This option defines how much information about processes is available to non-owners. The values are as follows:
hidepid=0 – The old behavior: anybody may read all world-readable /proc/PID/* files (default).
hidepid=1 – Users may not access any /proc/PID/ directories but their own. Sensitive files like cmdline, sched*, and status are now protected against other users.
hidepid=2 – hidepid=1 plus all /proc/PID/ directories will be invisible to other users. It complicates an intruder's task of gathering information about running processes: whether some daemon runs with elevated privileges, whether another user runs some sensitive program, whether other users run any program at all, etc.
Linux kernel protection: Hiding processes from other users
Type the following mount command:
# mount -o remount,rw,hidepid=2 /proc
Edit /etc/fstab, enter:
# vi /etc/fstab
Update/append/modify the proc entry as follows so that protection is enabled automatically at server boot time:
proc /proc proc defaults,hidepid=2 0 0
Save and close the file.
$ ps -ef
$ sudo -s
# mount -o remount,rw,hidepid=2 /proc
$ ps -ef
$ top
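To confirm that both the remount and the /etc/fstab change took effect, the following added example (not part of the original post) reads the hidepid level from a mounts-format file so the running /proc mount and the boot-time entry can be compared. The function names and sample lines are constructed for illustration; mapping the symbolic names that kernels 5.8+ print in /proc/mounts goes beyond the numeric values listed above.

```shell
#!/bin/sh
# Added example, not from the original post.

# hidepid_level FILE: print the hidepid level of the proc entry in a
# mounts-format FILE (/proc/mounts or /etc/fstab), or "none" if there is none.
hidepid_level() {
    awk '
        $1 ~ /^#/ { next }                      # skip fstab comment lines
        $2 == "/proc" && $3 == "proc" {
            found = 1
            level = "0"                         # option absent: default hidepid=0
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^hidepid=/) level = substr(opts[i], 9)
        }
        END {
            if (!found) { print "none"; exit }
            # Kernels 5.8+ show symbolic names in /proc/mounts.
            if (level == "off") level = "0"
            if (level == "noaccess") level = "1"
            if (level == "invisible") level = "2"
            print level
        }
    ' "$1"
}

# audit WANT LIVE BOOT: succeed only if both files give level WANT.
audit() {
    live=$(hidepid_level "$2")
    boot=$(hidepid_level "$3")
    echo "running=$live fstab=$boot wanted=$1"
    [ "$live" = "$1" ] && [ "$boot" = "$1" ]
}

# Constructed samples: hidepid=2 is active now but missing from fstab.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
echo 'proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0' > "$tmp/mounts"
printf '%s\n' '# constructed fstab' 'proc /proc proc defaults 0 0' > "$tmp/fstab"
audit 2 "$tmp/mounts" "$tmp/fstab" || echo "hidepid=2 would be lost at the next boot"
# On a real host: audit 2 /proc/mounts /etc/fstab
```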