Prevent users from seeing processes that do not belong to them

hidepid option :- this can be done by hidepid option which have below values :-

hidepid=0 -  anybody may read all world-readable /proc/PID/* files (default).
hidepid=1 -  It means users may not access any /proc/ */ directories, but their own.
hidepid=2  - It means hidepid=1 plus all /proc/PID/ will be invisible to other users.


Type the following mount command:
# mount -o remount,rw,hidepid=2 /proc

To make above configuration across the reboot , edit /etc/fstab for the same :
# vi /etc/fstab

update proc entry with hidepid=2 as below

proc    /proc    proc    defaults,hidepid=2     0     0

If you want yo give access to particular group to see all process (hidepid=0 mode), you need to use gid=<group_name> option:

proc /proc proc defaults,hidepid=2,gid=admin 0 0


You can confirm this hidepid value after remount as below :-

#mount | grep -i proc

Comments

Post a Comment

Popular posts from this blog

HP-UX virtual Machine Cheat Sheet

HP VM Cheat Sheet  1) How to Start HP VM?  On a host a)  # vi / etc / rc.config.d / hpvmconf      # Set to 1 (0) to enable (disable) Integrity VM at boot time.              HPVM_ENABLE=1 #  / sbin / init.d / hpvm  start Note: When host is rebooted it will start all the guest by default      b)   Starting HPVM on the guest   #    hpvmstart  –P  guestname 2) How to Stop HP VM? # shutdown –hy  0    (gracefully shutdown, from guest OS)             # hpvmstop  -P guestname  ( forced shutdown from host – not recommended)   3) How to identify  Identify Host or Guest using hpvminfo command?  Examples: Using hpviminfo on a host hpvminfo   (-v, -V)(on host)   #  hpvminfo      hpvminfo : Runnin...
Read more

How to run fdisk in non-interactive mode

fdisk is a command-line utility for disk partition management.If you are going to create one or two partition then its okay to go with manual user intracetion method of fdisk. But if the partition list is a bit longer or we can say its repitative for several machines then need to seek some automation , here we go for probable two solutions for this : - Solution - I : Using below shell script #!/bin/sh sdd="/dev/sdb /dev/sdc /dev/sdd" for i in $sdd do echo "n p 1 t 8e w "|fdisk $i;pvcreate "$i"1;done n = Create new partition p = Primary partition 1 = 1st partition of primary type t = Partition type 8e = Linux LVM Note: two consicuitve blank lines between 1 and t . Solution - II : Using sfdisk Utility This tool allows you to create/change partition tables according to the disk partitioning specification read from standard input. It also allows you to export the partition table specification of a device to a file, so tha...
Read more