Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 6 May 2002 14:35:32 +1000 
From:      Anthony.Wyatt@csiro.au
To:        default013subscriptions@hotmail.com, freebsd-questions@FreeBSD.ORG
Subject:   RE: Quick Question Regarding PS
Message-ID:  <4ABEF4D887D40745B8D6804C2FFA939F1A75B6@hermes.la.csiro.au>

next in thread | raw e-mail | index | archive | help
Hi Default,
	I just stumbled upon this: http://draenor.org/securebsd/

Here are the relevent parts (all (c) draenor.org ):

o  Hiding processes

   You can also limit what processes a user can see when using the ps(1)
   command.  By default, FreeBSD will allow users to see all processes
   on the system, including those that do not belong to them.  You may
   wish to only allow the user to see processes owned by them.  To do
   this, you may use the kern.ps_showallprocs sysctl variable.  You can
   change this while the system is running by issuing the following
   command:

   sysctl kern.ps_showallprocs=0

   To make this change permanent, insert the following line into
   /etc/sysctl.conf:

   kern.ps_showallprocs=0

   The root user is not affected by kern.ps_showallprocs and can always
   see all processes.

   While this method is effective for limiting what output ps(1) gives,
   it will not stop an attacker from traversing /proc to find out what
   processes are running.  See 'Disabling procfs' for more information.

o  Disabling procfs

   procfs can be used to gather information on running processes.  It is
   required for the complete operation of programs such as ps(1), w(1)
   and truss(1).  Due to the amount of information that procfs may yield
   many administrators feel that it is advantageous to disable this
   filesystem.

   This step is ENTIRELY voluntary.  You do not need to disable this if
   you do not want to.

   To disable procfs, add the NOAUTO option to /etc/fstab for this
   filesystem.  You may then mount it manually if needed.

Anthony

> -----Original Message-----
> From: default [mailto:default013subscriptions@hotmail.com] 
> Sent: Monday, 6 May 2002 11:03 AM
> To: FreeBSD-Questions
> Subject: Quick Question Regarding PS
> 
> 
> Hi, I'm running on FreeBSD 4.1 which doesn't have the sysctl option
> (showallprocs) ... I am trying to think of a good way to let 
> my users only see their own processes, and I am not much of a 
> programmer...
> 
> I was thinking of making a bash script that would do ps only 
> showing the user's processes, replacing the ps command with 
> that, and changing ps's name to something that no one would 
> think of...
> 
> but... before I do... I was wondering, are there any system 
> resources that use PS? ... anything I should be worried about 
> in this scenario?
> 
> Thanks much
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ABEF4D887D40745B8D6804C2FFA939F1A75B6>