In general, what runs on your server should be considered private information that is shared only on a need-to-know basis. If there's no reason for a user to have insight into what services are running on a server, then a user probably shouldn't have permission to view process ID (PID) listings.
[ Free cheat sheet: Get a list of Linux utilities and commands for managing servers and networks. ]
Finding a service
It's common, by default, for a regular Linux account (emad
in this example) to be able to view a PID listing using ps
, pgrep
, pidof
, and so on:
$ sudo su – emad
$ ps -ef | wc -l
229
A user usually can see all processes. It's a lot of output, but if a user is searching for something specific, such as database system processes such as PostgreSQL (a popular open source database), it's pretty easy to find:
$ ps -ef | grep postgres
postgres 1143 [...] /usr/pgsql-12/bin/postmaster -D /var/lib/pgsql/12/data/
postgres 1151 [...] postgres: logger
postgres 1153 [...] postgres: checkpointer
postgres 1154 [...] postgres: background writer
postgres 1155 [...] postgres: walwriter
postgres 1156 [...] postgres: autovacuum launcher
postgres 1157 [...] postgres: stats collector
postgres 1158 [...] postgres: logical replication launcher
Not everyone needs to see what processes are running, so I use hidepid
.
[ Improve your skills managing and using SELinux with this helpful guide. ]
Use hidepid to hide processes
To prevent a user from seeing all the processes running on a system, mount the /proc
file system using the hidepid=2
option:
$ sudo mount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc
The hidepid
parameter value accepts three values:
- 0: This is the default. Every user can read all world-readable files stored in a process directory.
- 1: Root process directories remain listed in
/proc
but are not accessible to users. Users can access only their own process directories. This protects sensitive files likecmdline
,sched
, orstatus
from access by non-root users. This setting does not affect the actual file permissions. - 2: Process files are invisible to non-root users. The existence of a process can be learned by other means, but its effective user ID (UID) and group ID (GID) are hidden.
$ ps -ef | wc -l
63
$ ps -ef | grep postgres
emad 7091 7067 0 14:02 pts/0 00:00:00 grep --color=auto postgres
The directories representing PIDs are removed from /proc
. The user emad
can no longer view PostgreSQL database system process IDs.
Need to know
Instead of changing mount options as your system runs, add the hidepid
option to /etc/fstab
.
Securing your operating system is a continuous challenge, and with servers containing highly confidential data, it's important to think about what you want people to be able to stumble across on your system. Use hidepid
to remove processes from casual inspection.
About the author
Emad Al-Mousa is a Saudi IT professional with more than 15 years of experience. He is a project leader for multiple projects that are transforming business operations and enabling digital transformation. He has a passion for cybersecurity and has received recognition from multiple big tech companies.
Browse by channel
Automation
The latest on IT automation for tech, teams, and environments
Artificial intelligence
Updates on the platforms that free customers to run AI workloads anywhere
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
The latest on how we reduce risks across environments and technologies
Edge computing
Updates on the platforms that simplify operations at the edge
Infrastructure
The latest on the world’s leading enterprise Linux platform
Applications
Inside our solutions to the toughest application challenges
Original shows
Entertaining stories from the makers and leaders in enterprise tech
Products
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Cloud services
- See all products
Tools
- Training and certification
- My account
- Customer support
- Developer resources
- Find a partner
- Red Hat Ecosystem Catalog
- Red Hat value calculator
- Documentation
Try, buy, & sell
Communicate
About Red Hat
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.
Select a language
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Diversity, equity, and inclusion
- Cool Stuff Store
- Red Hat Summit