Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
To my knowledge, you can only hide processes by running the user sessions i a container. IT can be an lxc container, or an OpenVZ guest, but basically amounts to a virtual machine that is protected from knowing very much about the host.
Chrooting alone will not prevent users from seeing the full process list.
Some kind of containerization that allows a user to ONLY see their OWN processes will, or true virtualization.
I am unfamiliar with other solutions, but a kernel module crafted to hide processes might do. I understand some rootkits have that capability.
Chrooting alone will not prevent users from seeing the full process list.
...also see the (ancient but still valid) "How to break out of a chroot jail" text.
Quote:
Originally Posted by wpeckham
I understand some rootkits have that capability.
Rootkit LKMs usually isolate specific processes, being the reverse of the isolation type the OP asked for. Running a rootkit LKM for that purpose seems a rather odd choice (I do hope you're not seriously suggesting people run one) as mature, supported and maintained solutions exist.
I would never suggest that ANYONE run a rootkit for any reason other than security experimentation and a platform built for that express purpose.
If I may expound a bit: Reading and understanding the CODE from a rootkit that hides certain process from examination using the standard tools might be instructive. Unless one is an experienced and accomplished system level programmer or kernel hacker, it is likely to be wasted effort, but if one qualifies it could be one interesting avenue for investigation.
Forgive me for not making my meaning clear.
PLEASE do not run a rootkit on your system! If you do, I DID NOT TELL YOU TO!!!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
