LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 01-11-2007, 04:31 AM   #16
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,390
Blog Entries: 55

Rep: Reputation: 3563

Is there a way by which I can hide my processes from other users if
1) I am the root
2) If i am not the root


Simplest way to "hide" in a legitimate way isn't hiding: it's a form of separation and the GRSecurity kernel patch can supply that (and much more). With the patch applied a process listing only shows users the PIDs they own unless they are allowed an override. Root can hide processes from other users and users can hide processes from other users, but of course users can't hide processes from root and root can't hide processes from root. That would be rootkit territory.
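An added check, not from the thread, for the per-user separation unSpawn describes: it walks /proc the way ps does and reports which visible PIDs belong to other UIDs. On a stock kernel every PID shows up for everyone; under the grsec /proc restriction (or the mainline proc mount option hidepid, which the thread does not mention) an unprivileged user should see no foreign PIDs at all. The `Proc` tuple and the function names are this example's own.

```python
"""Report how much of the process table is visible to the calling user."""
import os
from collections import namedtuple

# (pid, owner uid) of one visible /proc entry; a helper defined for this example
Proc = namedtuple("Proc", "pid uid")


def list_procs(proc_root="/proc"):
    """Return a Proc for every numeric directory under proc_root.

    Entries that vanish mid-scan (the process exited) or that the kernel
    refuses to stat are skipped rather than aborting the listing.
    """
    procs = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        try:
            st = os.stat(os.path.join(proc_root, name))
        except (FileNotFoundError, PermissionError):
            continue
        procs.append(Proc(int(name), st.st_uid))
    return procs


def classify(procs, my_uid):
    """Split visible processes into (own_pids, foreign_pids), both sorted."""
    own = sorted(p.pid for p in procs if p.uid == my_uid)
    foreign = sorted(p.pid for p in procs if p.uid != my_uid)
    return own, foreign


def separation_enforced(procs, my_uid):
    """True when no PID owned by another uid is visible, i.e. the process
    table is separated per user as the grsec-style restriction provides.
    Root is expected to see everything, so the result only means something
    when run as an unprivileged user."""
    return not classify(procs, my_uid)[1]


if __name__ == "__main__":
    uid = os.getuid()
    own, foreign = classify(list_procs(), uid)
    print(f"uid {uid}: {len(own)} own PIDs visible, {len(foreign)} foreign")
    print("separation enforced" if not foreign
          else "other users' processes are visible")
```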
 
Old 01-11-2007, 04:45 AM   #17
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 68
Quote:
Originally Posted by Simon Bridge
What? You've lost me... I need the context there dude.
I meant surely you have to have UID 0.

Quote:
Originally Posted by Simon Bridge
Sure - someone could sit on the network watching other users' processes to see if there are any habits which could be exploited... if users' processes are private, this cannot happen.
By security through obscurity I meant that when you have an insecure find invocation (subject to quickly changing symbolic links in your home directory, for example), exploiting it requires timing. Feasible if you know exactly when find is started and what it invokes, if at all... Unrealistic if you do not even see it.

Quote:
Originally Posted by Simon Bridge
The privacy aspect is still there - who cares that a user has vi running when you cannot tell what is being edited?
If I run shell scripts to process files, you have a good chance of guessing what I am doing (from file names, at least, if not from data passed through the command line).

Quote:
Originally Posted by Simon Bridge
The actual writing is still private (except to folk actually in the same room and looking over the user's shoulder)... in the end, privacy is a gentleman's agreement. When privacy is enforced with security, it risks becoming a competition -- a challenge.
Quote:
Originally Posted by Simon Bridge
rotfl
About restricting root logins? Why? If you have a server which has to be protected even from insider attacks (and data loss costs more than a data leak, which costs more than a temporary outage), it is possible to have three administrators ensure that the system is secure, then have them ensure that the only way to log in with some rights (including root login) is through a PAM-handled card reader, and that the only two copies of the keys are freshly generated and reside on these SD cards. Now the security forces come, take these SD cards, and in the presence of all three administrators the most powerful SD cards are closed in a special safe that cannot be opened without the consent of a top executive. To begin with, it is in his room. Companies have already learned to secure high executives' safes. Why three administrators? Because bribing all three system administrators at the exact time is harder than bribing one at any time while he is system administrator. Now what you get is that some people who need to have access to half of the data stored on the server will not even know what processes are run by people who have rights to access the other half. When it is about financial stuff, it can make sense regardless of costs...
 
Old 01-11-2007, 02:46 PM   #18
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
Quote:
it is possible to make three administrators to ensure that system is secure
... sure it's "possible" - it may even happen. It's just that the way you talked about it before was dripping with irony.

Quote:
it can make sense regardless of costs...
I know trading banks that do not do this because it is "too inconvenient". I've seen insurance companies where the server room is locked, but the sysadmin has a terminal for it open on his desk from the time he gets to work... just sitting there... often unattended...

The scenario you describe sounds like the kind of security given to a nuclear arsenal.

... anyway: this brings us back to "why". The "why" question hasn't been answered by the OP - you think maybe the OP is a top level executive in a financial institution?

Quote:
Originally Posted by unSpawn
Simplest way to "hide" in a legitimate way isn't hiding: it's a form of separation and the GRSecurity kernel patch can supply that (and much more).
... i.e. a specially set up system. But good information anyway.
 
Old 01-11-2007, 03:01 PM   #19
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 68
Quote:
just sitting there... often unattended...
Sometimes a school does minimum security better than a bank. Maybe because a bank cannot think about the worst before it happens, and does not know afterwards, while in school you'll always get a nice new boot message once you leave a root terminal unattended.

Quote:
you think maybe OP is a top level executive in a financial institution?
No. In his case it is at most a privacy concern and root should simply be trusted. But in general, when we say 'separate users better' it can also be for security. I guess financial is not needed - I think it is not easy to steal too much data on any big company's upcoming new striking product if you work in another research team. If you work on it - sigh...
 
Old 01-11-2007, 08:06 PM   #20
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,390
Blog Entries: 55

Rep: Reputation: 3563
Quote:
... i.e. a specially set up system.
Did the OP post that as a requirement? Or does this come from someone who posts "fixes" like "chmod o-x /bin/ps"?
 
Old 01-12-2007, 07:00 AM   #21
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
unSpawn: heh heh heh - I don't believe that advanced setup was ruled out. Please do not take that comment as a criticism. And I do not view that (chmod thing) as a "fix" - I view that as a "damage": it just happens to address the specific example - I was hoping it would sound flip.

I think the consensus is: "it's possible but elaborate".
One can use security tricks, or be on an especially installed system, or remove the computer from the network.

The details depend on exactly what one hopes to achieve.

If one would like to configure a network so as to hide processes - then we have our solution. If one wants to hide one's own processes on an arbitrary network - it gets tricky.

Early on I asked for specifics - this is what I meant.
I've also been wondering (on the record) "why" anyone would want to do this. Some speculation has been forthcoming... for which I thank the participants.

Hopefully this thread will be more educational to others stumbling across it than a simple answer would be.

raskin: The way I understood it, the bank had tighter security, but found this made day-to-day administration annoying. The relaxed security was a deliberate decision rather than one based on ignorance.

I don't use internet banking in NZ because basic security steps (like long passwords - one-time passwords etc) are not used. (Though, in this case, customers don't like them...)
 
Old 01-12-2007, 01:17 PM   #22
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Moved: This thread is more suitable in Security and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 01-12-2007, 03:17 PM   #23
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 68
Quote:
The way I understood it, the bank had tighter security, but found this made day-to-day administration annoying. The relaxed security was a deliberate decision rather than one based on ignorance.
Surely they know the rules, but you can never know how much it costs to violate the rules... If you are lucky, it costs nothing.
 
Old 01-14-2007, 06:49 AM   #24
FredrikN
Member
 
Registered: Nov 2001
Location: Sweden
Distribution: GNU/Linux since -97
Posts: 149

Rep: Reputation: 15
LIDS also provides functions that can hide a process.

Last edited by FredrikN; 01-14-2007 at 07:09 AM. Reason: //Removed some advice not in line with what LQ stands for.
 
Old 01-14-2007, 07:04 AM   #25
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,390
Blog Entries: 55

Rep: Reputation: 3563
@Simon Bridge: well, I guess that's what I get for not being blunt. What I tried to hint at (being a moderator and all that) is that you basically went and hijacked the thread from the OP and that, if you show to have a limited amount of practical knowledge managing systems (with all due respect), maybe you should not try to categorise other people's answers if you can't assess them properly because "I think the consensus is: "it's possible but elaborate"." clearly is wrong. Anyone (even you ;-p) can set up a GRSecurity-enabled system *without* need for RBAC and *still* containing the separation fixes. (With Gentoo you can for instance since they carry grsec-enabled kernels. Nothing about "trickery" or being elaborate there.) And there you have it...

Last edited by unSpawn; 01-14-2007 at 08:05 AM. Reason: //be specific, add reply-to
 