Many commands accepts username and passwords on the command line and ps, top, sockstat and many commands can display this information to all users on the system. How do I prevent users from seeing information about processes that are being run under another UID to avoid information leakage under FreeBSD operating systems?
FreeBSD has inbuilt security measure to disallow users to see processes run by other users (UID) to avoid information leakage (snooping). The MIB security.bsd.see_other_uids and security.bsd.see_other_gids needs to set to zero (0) to enable this security feature via sysctl. Type the following command to enable this feature on boot:
# echo 'security.bsd.see_other_uids=0' >> /etc/sysctl.conf
# echo 'security.bsd.see_other_gids=0' >> /etc/sysctl.conf
Type the following to turn it on immediately, enter:
# sysctl security.bsd.see_other_uids=0
# sysctl security.bsd.see_other_gids=0
Now normal users cannot see what other people or groups are running on the system. This also applies to all jailed systems.
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
![Linux: Find Out Open Files [ Descriptors ] Command](http://s13.cyberciti.org/images/shared/rp/3/12.jpg)
{ 9 comments… read them below or add one }
Great.. I use FreeBSD server at my office and was looking for something like this.
is it possible to implement same feature in RHEL/CentOS ?
It´s not a BSD only feature. You will find the same feature in Caos Linux.
Will you please let me know exact procedure/web link to get the information..Thanks in Advance.
It is not part of standard Linux kernel. You need GRSecurity patch for Linux kernel (which is included with Caos Linux). Go to http://www.grsecurity.net/ and download patch. You need to recompile the kernel. Alternatively, downloaded prebuilt rpms for CentOS / RHEL below:
http://rpm.cormander.com/repo/grsec/
Hi Vivek,
I have downloaded latest .rpm and installed the same on my test CentOS 5.3(i386) system. Will you please let me me what to do next to get the expected functionality ? Thanks.
This should be saying:
# echo ‘security.bsd.see_other_uids=0′ >> /etc/sysctl.conf
# echo ‘security.bsd.see_other_gids=0′ >> /etc/sysctl.conf
and not /etc/rc.conf
@ warren
Thanks for the heads-up!
can you plz let me know how to make this configuration in Redhat Linux 5.