If you are into Linux OS hardening, then one of the ways to improve security is to hide the display of running processes and their arguments from other users. This feature is available if you are on a Linux kernel version of 3.2 or above that supports the new hidepid mount option for /proc.
With this feature turned on, only the root user will be able to view all processes. Other users will only be able to view their own processes. The hidepid option has 3 possible values:
- hidepid=0 – default behavior – anybody may read all world-readable files within the /proc/PID/ directories.
- hidepid=1 – means users may not access any /proc/PID/ directories but their own. Sensitive pseudo-files like cmdline, sched and status are now protected against other users.
- hidepid=2 – means hidepid=1 plus all /proc/PID/ will be invisible to other users. It complicates the intruder’s task of gathering info about running processes, whether some daemon runs with elevated privileges, whether another user runs some sensitive program, whether other users run any program at all, etc.
Changing Mount Point Options for /proc Filesystem
To change the mount point options of the /proc filesystem on a running system, use the mount command as the root user:
# mount -o remount,hidepid=2 /proc
After making the change, log in to the system as a normal user and try running the following commands:
$ ps -ef
$ ls -ld /proc/[0-9]*
The above commands should list only the processes that belong to the user.
To make the change permanent, /etc/fstab needs to be updated with the new hidepid=2 mount option:
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0
Add “hidepid=2” to the end of the mount options. Your mount options could be slightly different from the above.
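As an added example (not part of the original post), a small POSIX shell helper that audits the setting described above: it parses the /proc entry from /proc/mounts for the effective hidepid value and, when run as an unprivileged user, counts how many /proc/PID directories owned by other users are still visible. The function names and the filename hidepid_check.sh are assumptions.

```shell
#!/bin/sh
# hidepid_check.sh - audit helper (added example, not from the original post).
# Reports the effective hidepid value of /proc and how many foreign PIDs an
# unprivileged user can still see. Function and file names are assumptions.

# Extract the hidepid value from a /proc/mounts-style line for /proc.
# Prints 0 when the option is absent (the kernel default), "noproc" when the
# line is not a /proc mount. Newer kernels may report a name such as
# "invisible" instead of a number; it is passed through unchanged.
hidepid_from_mount_line() {
    line="$1"
    opts=$(printf '%s\n' "$line" | awk '$2 == "/proc" && $3 == "proc" { print $4 }')
    [ -n "$opts" ] || { echo "noproc"; return 1; }
    val=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^hidepid=//p' | tail -n 1)
    echo "${val:-0}"
}

# Read the live /proc mount entry and report its hidepid value.
current_hidepid() {
    hidepid_from_mount_line "$(grep ' /proc proc ' /proc/mounts | tail -n 1)"
}

# Count /proc/PID directories owned by a uid other than ours.
# With hidepid=2 (and no gid= exemption) this should be 0 for a normal user.
foreign_pids_visible() {
    me=$(id -u)
    n=0
    for d in /proc/[0-9]*; do
        owner=$(stat -c %u "$d" 2>/dev/null) || continue
        [ "$owner" = "$me" ] || n=$((n + 1))
    done
    echo "$n"
}

main() {
    printf 'hidepid=%s\n' "$(current_hidepid)"
    printf 'foreign PIDs visible to uid %s: %s\n' "$(id -u)" "$(foreign_pids_visible)"
}

# Run the report only when executed directly as hidepid_check.sh.
if [ "$(basename -- "$0")" = "hidepid_check.sh" ]; then
    main
fi
```

Run it once as root and once as a normal user after the remount; the root run should report a non-zero foreign PID count while the normal user's count drops to 0.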
Allowing Access to Admin Group Members
If you have a group of administrators who require access rights to view all the processes, then you will need to use the additional gid mount option.
First, assign these people to a specific group, e.g. admin.
Next, modify the mount options in the /etc/fstab file to include this group:
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=admin 0 0
Users who now belong to the admin group will be allowed to view all the processes. They will not need to use the