How To Hide A Processes From Other Users In Linux

How To Hide A Processes From Other Users In Linux
If you're using the Linux kernel versions 3.2 or above you can hide processes from other users so only root and the user that owns the process can see the processes. All you have to do is remount the proc filesystem with the Linux kernel hardening option hidepid. The hidepid options defines how much info about a process we want to be available for all users. The values are as follows: 1.
hidepid=0 - The old behavior - anybody may read all world-readable /proc/PID/* files (default).
hidepid=1 - It means users may not access any /proc/ / directories, but their own. Sensitive files like cmdline, sched*, status are now protected against other users.
hidepid=2 It means hidepid=1 plus all /proc/PID/ will be invisible to other users. It compicates intruder's task of gathering info about running processes, whether some daemon runs with elevated privileges, whether another user runs some sensitive program, whether other users run any program at all, etc.
So here is how to remount proc with the hidepid option:
mount -o remount,rw,hidepid=2 /proc
To permanently add this rule you need to add it to your fstab.
vi /etc/fstab
Add the hidepid=* options to your proc mount rule.
proc /proc proc defaults,hidepid=2 0 0
That's it, the rule is now permanently added and will persist on reboot.




Page generated in 0.0049 seconds.