Hardening /proc Hide Processes from other Users

From wiki.linuxonlinehelp.de
Jump to: navigation, search

To prevent access to view Processes of other Users edit:

$sudo nano /etc/fstab

Insert:

proc    /proc    proc    defaults,hidepid=2,relatime     0     0  #relatime raspian

Run on console changes without reboot needed:

mount -o remount,rw,hidepid=2,relatime /proc

Test:

$top
$htop
$ps ax

Should only view own jobs!


At Raspian OS (raspberry pi)is a Workaround useful: create a Script /home/pi/mount-proc.sh insert:

#!/bin/bash
mount -o remount,rw,relatime,nosuid,noexec,nodev,hidepid=2 /proc
exit

and insert /home/pi/mount-proc.sh into root crontab to run on boot:

@reboot  sh /home/pi/mount-proc.sh > /dev/null 2>&1