Written by BiRU Sunday, 09 April 2017 08:30
I run a multi-user system. Most users access resources using ssh client. How can I stop leaking process information to all users on Linux operating systems? How do I prevent users from seeing processes that do not belong to them on a Debian/Ubuntu/RHEL/CentOS Linux server?
If you are using Linux kernel version 3.2+ (or RHEL/CentOS v6.5+ above) you can hide process from other users. Only root can see all process and user only see their own process. All you have to do is remount the /proc filesystem with the Linux kernel hardening hidepid option.
Say hello to hidepid option
This option defines how much info about processes we want to be available for non-owners. The values are as follows:
Type the following mount command:
# mount -o remount,rw,hidepid=2 /proc
Edit /etc/fstab, enter:
# vi /etc/fstab
Update/append/modify proc entry as follows so that protection get enabled automatically at server boot-time:
proc /proc proc defaults,hidepid=2 0 0 |
Save and close the file.
In this example, I’m login as vivek@cbz-test:
$ ssh vivek@cbz-test
$ ps -ef
$ sudo -s
# mount -o remount,rw,hidepid=2 /proc
$ ps -ef
$ top
$ htop
Sample outputs:
You need to use gid=VALUE_HERE option:
gid=XXX defines a group that will be able to gather all processes’ info (as in hidepid=0 mode). This group should be used instead of putting nonroot user in sudoers file or something. However, untrusted users (like daemons, etc.) which are not supposed to monitor the tasks in the whole system should not be added to the group.
So add the user called monapp to group (say admin) that want to see process information and mount /proc as follows in /etc/fstab:
proc /proc proc defaults,hidepid=2,gid=admin 0 0