Linux Hardening Guide - hidepid
/proc is a pseudo-filesystem that contains information about all processes currently running on the system.
- By default, /proc is readable by every user, so any local account (or a compromised service running as one) can list every process on the system and read other users' command lines, which sometimes carry passwords or tokens passed as arguments.
- To let users see only their own processes, mount /proc with the hidepid=2,gid=proc mount options. hidepid=1 only blocks access to other users' /proc/<pid>/ directories while leaving the PIDs visible; hidepid=2 also hides those directories from listings, so ps and top show only the caller's own processes. Kernels 5.8 and newer accept the names hidepid=noaccess (1) and hidepid=invisible (2) as well and report the symbolic form in /proc/self/mounts.
- gid=proc exempts members of the proc group from this restriction, so you can whitelist specific users or services by adding them to that group. The group has to exist before the mount is attempted (create it with groupadd -r proc if getent group proc returns nothing), otherwise the mount fails.
- One way to add these mount options is to edit /etc/fstab and add:
- /etc/fstab
proc /proc proc nosuid,nodev,noexec,hidepid=2,gid=proc 0 0
systemd-logind still needs to see other users' processes, so for user sessions to work correctly on a systemd system, you must create /etc/systemd/system/systemd-logind.service.d/hidepid.conf and add the following, then run systemctl daemon-reload and restart systemd-logind (or reboot):
- /etc/systemd/system/systemd-logind.service.d/hidepid.conf
[Service]
SupplementaryGroups=proc
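To confirm that the fstab entry actually took effect (a typo in the option string or a missing proc group silently leaves /proc unhardened), the following POSIX sh script checks a mounts table for a procfs entry with hidepid at level 2 or higher and a gid= exemption group. It is an added example, not part of this guide or of any distribution tooling; the sample mount lines it uses are constructed, and the function names are this example's own.

```sh
#!/bin/sh
# Verify that a procfs mount carries hidepid=2 (or higher) plus a gid= exemption group.
# Handles both spellings: the numeric form written in fstab (hidepid=2) and the
# symbolic form (hidepid=invisible) that kernels 5.8 and newer report in /proc/self/mounts.

# proc_mount_opts MOUNTS_FILE MOUNTPOINT
#   Prints the option field of the procfs mount at MOUNTPOINT; returns 1 if there is none.
#   Mount points with spaces are octal-escaped in /proc/self/mounts, so whitespace splitting is safe.
proc_mount_opts() {
    file=$1
    mp=$2
    while read -r _src target fstype opts _rest; do
        if [ "$fstype" = proc ] && [ "$target" = "$mp" ]; then
            printf '%s\n' "$opts"
            return 0
        fi
    done < "$file"
    return 1
}

# hidepid_level OPTS
#   Prints the effective hidepid level (0 when unset), mapping symbolic names to numbers.
hidepid_level() {
    level=0
    old_ifs=$IFS
    IFS=,
    for o in $1; do
        case $o in
            hidepid=*) level=${o#hidepid=} ;;
        esac
    done
    IFS=$old_ifs
    case $level in
        off) level=0 ;;
        noaccess) level=1 ;;
        invisible) level=2 ;;
        ptraceable) level=4 ;;
    esac
    printf '%s\n' "$level"
}

# exempt_gid OPTS
#   Prints the numeric gid that is exempt from hidepid, or nothing if no gid= option is set.
exempt_gid() {
    old_ifs=$IFS
    IFS=,
    for o in $1; do
        case $o in
            gid=*) printf '%s\n' "${o#gid=}" ;;
        esac
    done
    IFS=$old_ifs
}

# check_hidepid MOUNTS_FILE [MOUNTPOINT]
#   Returns 0 when the procfs at MOUNTPOINT (default /proc) hides other users' processes
#   (hidepid >= 2) and names an exemption group; otherwise prints why and returns 1.
check_hidepid() {
    mp=${2:-/proc}
    mopts=$(proc_mount_opts "$1" "$mp") || { echo "no procfs mounted at $mp"; return 1; }
    lvl=$(hidepid_level "$mopts")
    gid=$(exempt_gid "$mopts")
    if [ "$lvl" -lt 2 ]; then
        echo "$mp: hidepid=$lvl, other users' processes are still visible"
        return 1
    fi
    if [ -z "$gid" ]; then
        echo "$mp: hidepid=$lvl but no gid= exemption; services such as systemd-logind will be blind"
        return 1
    fi
    echo "$mp: hidepid=$lvl, exempt gid $gid"
    return 0
}

# Constructed sample mount tables (not captured from a real host). HARDENED is how a 5.8+
# kernel would report the fstab line from this page if the proc group had gid 26; STOCK is a default mount.
HARDENED=$(mktemp)
STOCK=$(mktemp)
trap 'rm -f "$HARDENED" "$STOCK"' EXIT
printf '%s\n' \
    'proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=26,hidepid=invisible 0 0' \
    'sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0' > "$HARDENED"
printf '%s\n' 'proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0' > "$STOCK"

check_hidepid "$HARDENED"          # passes: hidepid=2, exempt gid 26
check_hidepid "$STOCK" || :        # fails: hidepid=0
# Finally check the running system (the interesting case when you run this after editing fstab).
if [ -r /proc/self/mounts ]; then
    check_hidepid /proc/self/mounts || :
fi
```

Run it after a remount (mount -o remount,hidepid=2,gid=proc /proc) or a reboot; if the live check reports hidepid=0 even though fstab looks right, the usual cause is that the proc group did not exist when the mount ran. Note that hidepid only applies to the mount you set it on: a fresh procfs mounted inside a container or a new PID namespace does not inherit it.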
linux_hardening_guide/hidepid.txt · Last modified: 2025/05/31 15:44 by peter