Kernel 3.2+: Hide Processes From Other Normal Users!

In a multi-user system it was always possible for any user to list all running processes on the system, whether or not those processes belong to that user.

With Linux kernel 3.2+ (RHEL/CentOS 6.5+) there is a new feature that gives root full control over this: root can still list all running processes, while every other user can list only their own.

New mounting option: hidepid

The new option defines how much information about processes is available to non-owners. Its value sets the mode at mount time, as follows:

hidepid=0 – The old behavior – anybody may read all world-readable /proc/PID/* files (default).

hidepid=1 – Users may not access any /proc/PID/ directories but their own. Sensitive files like cmdline, sched*, status are now protected against other users.

hidepid=2 – hidepid=1 plus all /proc/PID/ will be invisible to other users. It complicates an intruder’s task of gathering info about running processes, whether some daemon runs with elevated privileges, whether another user runs some sensitive program, whether other users run any program at all, etc.

This can be done from the command line as follows:

# mount -o remount,rw,hidepid=2 /proc

Or by updating /etc/fstab

# vi /etc/fstab

proc    /proc    proc    defaults,hidepid=2     0     0

After editing, run # mount -a to re-read /etc/fstab.
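The two methods above can drift apart: a manual remount is lost at reboot unless /etc/fstab carries the same option. The following audit script is an added example, not part of the original post; the function names `hidepid_mode` and `audit_hidepid` are hypothetical, the sample mount lines are constructed, and the handling of named values (`off`, `noaccess`, `invisible`) reported by newer kernels goes beyond what the post covers.

```sh
#!/bin/sh
# Added example (not from the original post): audit the hidepid level of /proc.

# hidepid_mode FILE
# FILE uses the /proc/mounts or /etc/fstab layout (device, mount point, type,
# options, ...). Prints the hidepid level of the proc mount on /proc, "0" when
# the option is absent (the default), or "none" when no such mount is listed.
hidepid_mode() {
    awk '
        /^[ \t]*#/ { next }                      # skip fstab comments
        $2 == "/proc" && $3 == "proc" {
            found = 1; mode = "0"                # last matching line wins
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^hidepid=/) mode = substr(opts[i], 9)
        }
        END {
            if (!found) { print "none"; exit }
            # Newer kernels also report names instead of numbers.
            if (mode == "off") mode = "0"
            if (mode == "noaccess") mode = "1"
            if (mode == "invisible") mode = "2"
            print mode
        }' "$1"
}

# audit_hidepid MOUNTS FSTAB WANT
# Succeeds only if both the running mount table and fstab give at least WANT.
audit_hidepid() {
    running=$(hidepid_mode "$1")
    persistent=$(hidepid_mode "$2")
    echo "running=$running persistent=$persistent wanted>=$3"
    rc=0
    for m in "$running" "$persistent"; do
        [ "$m" != none ] && [ "$m" -ge "$3" ] 2>/dev/null || rc=1
    done
    return "$rc"
}

# Constructed sample: /proc was remounted by hand, fstab was never updated.
tmp=$(mktemp -d)
printf '%s\n' 'proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0' \
    'sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0' > "$tmp/mounts"
printf '%s\n' '# constructed fstab' \
    'proc    /proc    proc    defaults     0     0' > "$tmp/fstab"
audit_hidepid "$tmp/mounts" "$tmp/fstab" 2 || echo "hidepid below wanted level"
```

On a live host, call `audit_hidepid /proc/mounts /etc/fstab 2` to compare the running state with the persistent configuration.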

References:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201


Increase your apt cache limit

When I tried to install the google-perftools-dev package using apt-get, I unfortunately got this error message in the terminal:

Reading package lists… Error!
E: Dynamic MMap ran out of room. Please increase the size of APT::Cache-Limit. Current value: 25165824. (man 5 apt.conf)
E: Error occurred while processing mixxx-libperf (NewVersion1)
E: Problem with MergeList /var/lib/apt/lists/ftp.de.debian.org_debian_dists_wheezy_main_binary-amd64_Packages
W: Unable to munmap
E: The package lists or status file could not be parsed or opened.

The fix is easy: you just need to increase the value of APT::Cache-Limit in /etc/apt/apt.conf.d/70debconf.
$ sudo gedit /etc/apt/apt.conf.d/70debconf
Then put this line at the end of the file, save and exit.

APT::Cache-Limit "100000000";

Next, run this command in your terminal:

$ sudo apt-get clean && sudo apt-get update --fix-missing

and you won’t run into the APT cache limit again.