How to hide processes from other users on Linux system

2025-01-18 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01

This article explains how to hide processes from other users on a Linux system. Many people have questions about this in day-to-day operation, so the editor consulted a range of materials and put together a simple, easy-to-use method. Follow along below.

I use a multi-user system, and most users access their resources through ssh clients. How can I avoid divulging process information to them? How do I prevent them from seeing processes that don't belong to them on a Debian/Ubuntu/RHEL/CentOS Linux server?

Solution:

If you are using Linux kernel version 3.2 or above (or RHEL/CentOS version 6.5 or above), you can hide processes from other users. Only root can see all processes; non-root users can see only their own process information. All you need to do is remount the /proc filesystem with the Linux kernel hardening option "hidepid".

Understanding the hidepid option

This option defines how much process information users other than the process owner can see.

The values of hidepid have the following meanings:

1. hidepid=0 - the default mode (classic mode): anyone can read the world-readable files in /proc/PID/*.

Explanation: world-readable files: in Linux, file permissions are divided into the user, group and other classes, and other is also called world. So world-readable means that the other class has r (read) permission.

2. hidepid=1 - users cannot enter other users' /proc/PID/ directories, only their own. Sensitive files such as cmdline, sched* and status are therefore protected. When users run commands such as ps or top, they do not see processes that do not belong to them. However, they can still see the process IDs under /proc.

3. hidepid=2 - hidepid=1 with tighter restrictions on file access. Under this setting, the /proc/PID/ directories of other users' processes are not visible at all; even by looking through the /proc directory, a user will not see their process IDs. This makes it considerably harder for an intruder to collect information about running processes: whether some daemon runs with elevated privileges, whether other users are running some sensitive program, whether other users are running any program at all, and so on.

Linux kernel protection: hiding processes from other users on Linux

Enter the following command to remount /proc with the hidepid option set:

The code is as follows:

# mount -o remount,rw,hidepid=2 /proc

Edit the /etc/fstab file so that /proc is mounted the same way after a system reboot:

The code is as follows:

# vi /etc/fstab

Change the line that mounts proc to look like this:

The code is as follows:

proc /proc proc defaults,hidepid=2 0 0

Then save and close the file.

The next step is to check that this method of hiding processes from other users actually works.

In this example, I log in to the VPS as dabu and as root at the same time; just open a second window in Xshell or log in directly from the command line with the ssh command. With both dabu and root logged in, hidepid=0 is the default at this point.

First, as root, open a file named a.txt:

The code is as follows:

# vi a.txt

Do not close the file. Switch to the dabu session and run:

The code is as follows:

$ ps -ef

The output includes the following line:

The code is as follows:

root 16601 12120 0 16:19 pts/1 00:00:00 vi a.txt

Similarly, run:

The code is as follows:

$ top -bn1

Here too you can see a process in which root is running vi:

The code is as follows:

17512 root 20 0 3488 1420 1192 S 0.0 0.5 0:00.00 vi

Both results show that a process belonging to root can be seen by dabu when hidepid=0 (the default).

Next, as root, run the following command:

The code is as follows:

# mount -o remount,rw,hidepid=2 /proc

As dabu, run the following command again to list the processes:

The code is as follows:

$ ps -ef

The earlier vi process no longer appears in the output, and neither does any other process that does not belong to dabu.

The same is true of top, htop and so on.

Also, if you try to ls /proc, you are told that you cannot enter.

Using gid=xxx with hidepid:

With hidepid=2, only root can see all process information. In some cases we want the members of an administrative group to see all process information as well.

Suppose the group is the admin group and its gid is 1001. Change the proc line in the /etc/fstab file to:

The code is as follows:

proc /proc proc defaults,hidepid=2,gid=1001 0 0

Or

The code is as follows:

proc /proc proc defaults,hidepid=2,gid=admin 0 0

To look up the id of a group, run (id accepts a user name, not a group name, so getent is used here):

The code is as follows:

# getent group <group name>

To look up a user's id, run:

The code is as follows:

# id <user name>

For details on the id command, see its manual page.
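
A check that /etc/fstab and the running mount table both carry the hidepid setting described above, as an added example that is not part of the original article. The function names and sample tables are constructed for illustration; the parser also accepts the named values (off, noaccess, invisible, ptraceable) that newer kernels show in /proc/mounts in place of the numbers, which goes beyond the numeric values the article covers.

```shell
#!/bin/sh
# Added example (not from the article): audit the hidepid setting of /proc.
# All sample tables below are constructed for illustration.

# Read a mount table (/etc/fstab or /proc/mounts layout) on stdin and print
# "hidepid=<level> gid=<gid>" for the proc filesystem mounted on /proc.
proc_opts() {
    awk '
        $1 !~ /^#/ && $2 == "/proc" && $3 == "proc" { opts = $4 }
        END {
            level = 0; gid = "-"   # kernel default: hidepid=0, no exempt group
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] ~ /^hidepid=/) level = substr(o[i], 9)
                if (o[i] ~ /^gid=/)     gid = substr(o[i], 5)
            }
            # Newer kernels list names instead of numbers in /proc/mounts.
            if (level == "off")        level = 0
            if (level == "noaccess")   level = 1
            if (level == "invisible")  level = 2
            if (level == "ptraceable") level = 4
            print "hidepid=" level " gid=" gid
        }'
}

# $1 = fstab text, $2 = /proc/mounts text. Returns 0 only when the running
# mount hides other users' processes and matches the level set in fstab.
audit_hidepid() {
    want=$(printf '%s\n' "$1" | proc_opts)
    have=$(printf '%s\n' "$2" | proc_opts)
    echo "fstab:   $want"
    echo "running: $have"
    case "$have" in
        "hidepid=0 "*) echo "FAIL: all users can see every process"; return 1 ;;
    esac
    [ "${want%% *}" = "${have%% *}" ] || { echo "WARN: differs from fstab"; return 2; }
    echo "OK"
}

SAMPLE_FSTAB='# constructed sample
proc /proc proc defaults,hidepid=2,gid=1001 0 0'
SAMPLE_MOUNTS_NUMERIC='proc /proc proc rw,relatime,hidepid=2,gid=1001 0 0'
SAMPLE_MOUNTS_NAMED='proc /proc proc rw,relatime,gid=1001,hidepid=invisible 0 0'
SAMPLE_MOUNTS_DEFAULT='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

# On a real host: audit_hidepid "$(cat /etc/fstab)" "$(cat /proc/mounts)"
audit_hidepid "$SAMPLE_FSTAB" "$SAMPLE_MOUNTS_NAMED"
```

A WARN result means the remount was done by hand but /etc/fstab was not updated (or the reverse), so the setting will change at the next reboot.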

This concludes the walkthrough of how to hide processes from other users on a Linux system. Combining theory with practice is the best way to learn, so go and try it.
