And at last we have the equivalent of security.bsd.see_other_uids in Linux without the need to mess around with grsecurity! This is a security feature I've waited to land in Linux for a LONG time.
This characteristic can be enabled if you have kernel 3.3 (EL6/rhel/centos users can get it from here - thanks ajb!), but hopefully RedHat and other distributions will backport this feature in their kernels, too. The required patches are here and here.
So, how it works? Simple:
- mount /proc with the option "hidepid=1" to stop a regular user to see other processes but his when doing `ps` or `top`
- mount /proc with the option "hidepid=2" to not only stop the user from seeing other processes, but also disables the user's capacity to list /proc/$PIDs that are not his
- mount /proc with the option "hidepid=0" to go back to standard behaviour, all users can see all processes - this is the default
- there is also the "gid=xxx" mount option that lets the specified gid see all processes, even when hidepid is set to 1 or 2
You can read more about it here.
ToolsShow the IP address
Random password generator
ProjectsRepos - My RPM repositories for CentOS/(RH)EL
Linux LiveCDs - My CentOS based remixes
OpenVM.EU - Linux templates & appliances for Cloudstack