Difference between revisions of "Hardening /proc Hide Processes from other Users"

From wiki.linuxonlinehelp.eu
 
(One intermediate revision by the same user not shown)
Line 17: Line 17:
 
$ps ax
 
$ps ax
 
</pre>
 
</pre>
Should only view own jobs
+
Should only view own jobs!
  
on Raspain OS
+
 
 +
At Raspian OS (raspberry pi)is a Workaround useful:
 
create a Script /home/pi/mount-proc.sh
 
create a Script /home/pi/mount-proc.sh
 
insert:
 
insert:
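Review bot: The replacement line "At Raspian OS (raspberry pi)is a Workaround useful:" still misspells Raspbian, is missing a space after the closing parenthesis, and does not say what the workaround is for. Suggest stating the problem it addresses, so readers on other systems know whether the script step applies to them or whether the fstab entry alone is enough.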
Line 26: Line 27:
 
mount -o remount,rw,relatime,nosuid,noexec,nodev,hidepid=2 /proc
 
mount -o remount,rw,relatime,nosuid,noexec,nodev,hidepid=2 /proc
 
exit
 
exit
 +
</pre>
 +
and insert /home/pi/mount-proc.sh into root crontab to run on boot:
 +
<pre>
 +
@reboot  sh /home/pi/mount-proc.sh > /dev/null 2>&1
 
</pre>
 
</pre>
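Review bot: The added crontab line "@reboot  sh /home/pi/mount-proc.sh > /dev/null 2>&1" has root execute a file that lives in the pi user's home directory, so anyone who can write to that file or directory controls what runs as root at every boot. Suggest keeping the script in a root-owned location that only root can write to, and pointing the crontab entry there. The "> /dev/null 2>&1" redirection also discards any mount error, so a failed remount leaves /proc without hidepid=2 and nothing records it; sending the output to a log file would make that visible.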

Latest revision as of 13:34, 7 July 2017

To prevent users from viewing the processes of other users, edit /etc/fstab:

$ sudo nano /etc/fstab

Insert:

proc    /proc    proc    defaults,hidepid=2,relatime     0     0  #relatime raspian

To apply the change without a reboot, run on the console:

mount -o remount,rw,hidepid=2,relatime /proc

Test:

$ top
$ htop
$ ps ax

Each user should now see only their own processes!
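
To confirm that the option is actually active on the mount, rather than judging from ps output alone, the mount table can be checked directly. The script below is an added example, not part of the original wiki page; the function names are hypothetical and the sample lines are constructed. It also accepts the value "invisible", which kernels from 5.8 on show in place of the number 2.

```shell
#!/bin/sh
# Added example: report the hidepid setting of the /proc mount.
# Input is a mounts table in /proc/self/mounts format:
#   device  mountpoint  fstype  options  dump  pass

# hidepid_mode [FILE|-] prints the hidepid value of the proc mount on /proc,
# "off" if the option is absent, "unmounted" if no such mount is listed.
# With several matching lines the last one wins (it is the active mount).
hidepid_mode() {
    awk '
        $2 == "/proc" && $3 == "proc" {
            found = 1
            mode = "off"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^hidepid=/) mode = substr(opts[i], 9)
        }
        END { print (found ? mode : "unmounted") }
    ' "${1:-/proc/self/mounts}"
}

# hidepid_hides_others [FILE|-] succeeds when the mount uses the page's
# setting hidepid=2 (shown as "invisible" by kernels >= 5.8).
hidepid_hides_others() {
    case "$(hidepid_mode "$@")" in
        2|invisible) return 0 ;;
        *)           return 1 ;;
    esac
}

# Constructed sample lines (not captured from a real host).
hardened='proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0'
unhardened='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

for line in "$hardened" "$unhardened"; do
    mode=$(printf '%s\n' "$line" | hidepid_mode -)
    if printf '%s\n' "$line" | hidepid_hides_others -; then
        echo "hidepid=$mode: other users' processes are hidden"
    else
        echo "hidepid=$mode: other users' processes are visible"
    fi
done
```

Called without an argument, hidepid_mode reads /proc/self/mounts and so reports the state of the running system.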


On Raspbian OS (Raspberry Pi) a workaround is useful: create a script /home/pi/mount-proc.sh and insert:

#!/bin/bash
mount -o remount,rw,relatime,nosuid,noexec,nodev,hidepid=2 /proc
exit

Then add /home/pi/mount-proc.sh to root's crontab so that it runs at boot:

@reboot  sh /home/pi/mount-proc.sh > /dev/null 2>&1