Date: Mon, 6 May 2002 14:35:32 +1000 From: Anthony.Wyatt@csiro.au To: default013subscriptions@hotmail.com, freebsd-questions@FreeBSD.ORG Subject: RE: Quick Question Regarding PS Message-ID: <4ABEF4D887D40745B8D6804C2FFA939F1A75B6@hermes.la.csiro.au>
next in thread | raw e-mail | index | archive | help
Hi Default, I just stumbled upon this: http://draenor.org/securebsd/ Here are the relevent parts (all (c) draenor.org ): o Hiding processes You can also limit what processes a user can see when using the ps(1) command. By default, FreeBSD will allow users to see all processes on the system, including those that do not belong to them. You may wish to only allow the user to see processes owned by them. To do this, you may use the kern.ps_showallprocs sysctl variable. You can change this while the system is running by issuing the following command: sysctl kern.ps_showallprocs=0 To make this change permanent, insert the following line into /etc/sysctl.conf: kern.ps_showallprocs=0 The root user is not affected by kern.ps_showallprocs and can always see all processes. While this method is effective for limiting what output ps(1) gives, it will not stop an attacker from traversing /proc to find out what processes are running. See 'Disabling procfs' for more information. o Disabling procfs procfs can be used to gather information on running processes. It is required for the complete operation of programs such as ps(1), w(1) and truss(1). Due to the amount of information that procfs may yield many administrators feel that it is advantageous to disable this filesystem. This step is ENTIRELY voluntary. You do not need to disable this if you do not want to. To disable procfs, add the NOAUTO option to /etc/fstab for this filesystem. You may then mount it manually if needed. Anthony > -----Original Message----- > From: default [mailto:default013subscriptions@hotmail.com] > Sent: Monday, 6 May 2002 11:03 AM > To: FreeBSD-Questions > Subject: Quick Question Regarding PS > > > Hi, I'm running on FreeBSD 4.1 which doesn't have the sysctl option > (showallprocs) ... I am trying to think of a good way to let > my users only see their own processes, and I am not much of a > programmer... > > I was thinking of making a bash script that would do ps only > showing the user's processes, replacing the ps command with > that, and changing ps's name to something that no one would > think of... > > but... before I do... I was wondering, are there any system > resources that use PS? ... anything I should be worried about > in this scenario? > > Thanks much > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ABEF4D887D40745B8D6804C2FFA939F1A75B6>