Avoid users to see commands executed by others #41

Closed
opened 2024-11-08 01:04:04 +01:00 by Benjamin_Loison · 18 comments

For instance, a `matrix-commander` message can easily be seen by others, as it takes time; see [Benjamin-Loison/matrix-commander/issues/16](https://github.com/Benjamin-Loison/matrix-commander/issues/16).
Author
Owner

DuckDuckGo and Google search *Linux users to see commands executed by others*.
Author
Owner

Issue raised in the Unix Stack Exchange questions [454807](https://unix.stackexchange.com/q/454807) and [17164](https://unix.stackexchange.com/q/17164).
Author
Owner
```bash
mount /proc -o remount,hidepid=2
```

does not return anything but seems to work as wanted.

```bash
mount | grep '^proc'
```

```
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime,hidepid=invisible)
```
Author
Owner
```bash
sudo reboot
```

```bash
mount | grep '^proc'
```

```
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
```
Author
Owner
```bash
grep proc /etc/fstab
```

does not return anything.
Author
Owner

DuckDuckGo and Google search *Debian change mount proc options*.
Author
Owner
```bash
diff <(mount | sed -e 's/on //' -e 's/type //' | cut -d ' ' -f-3) <(cat /proc/mounts | cut -d ' ' -f-3)
```

```bash
grep '^proc' /proc/mounts
```

```
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=invisible 0 0
```
Author
Owner
```bash
time grep -r 'hidepid' / --exclude-dir={proc,sys}
```

<details>
<summary>Output:</summary>

```
grep: /usr/lib/x86_64-linux-gnu/systemd/libsystemd-core-252.so: binary file matches
/usr/share/vim/vim90/syntax/fstab.vim:syn match fsOptionsKeywords contained /\<\%(hidepid\|subset\)=/ nextgroup=fsOptionsString
grep: /usr/bin/systemd-analyze: binary file matches
/root/.bash_history:mount /proc -o remount,hidepid=2
/root/.bash_history:mount /proc -o remount,hidepid=2

real	2m31.245s
user	0m22.077s
sys	0m30.193s
```

</details>
Author
Owner

https://ubuntuforums.org/archive/index.php/t-2443493.html does not seem helpful.

Could give a try to `/etc/fstab`, see [the Super User question 1858984](https://superuser.com/q/1858984).
Author
Owner

DuckDuckGo search *Debian hidepid on reboot*.
Author
Owner
```bash
ls -l /initrd.img
```

```
lrwxrwxrwx 1 root root 30 Oct  6 11:33 /initrd.img -> boot/initrd.img-6.1.0-26-amd64
```

Source: [the Unix Stack Exchange answer 508555](https://unix.stackexchange.com/a/508555)

I don't want a crontab solution as the statement may not be the first one run, hence may leak some stuff on reboot.

Related to [Benjamin_Loison/cron/issues/21](https://codeberg.org/Benjamin_Loison/cron/issues/21).
Author
Owner
```bash
ls -lh /boot/initrd.img-6.1.0-26-amd64
```

```
-rw-r--r-- 1 root root 37M Oct  6 11:33 /boot/initrd.img-6.1.0-26-amd64
```

```bash
file /boot/initrd.img-6.1.0-26-amd64
```

```
/boot/initrd.img-6.1.0-26-amd64: gzip compressed data, was "mkinitramfs-MAIN_axY3t3", last modified: Sun Oct  6 09:33:46 2024, from Unix, original size modulo 2^32 134572032
```
Author
Owner
```bash
mkinitramfs
```

<details>
<summary>Output:</summary>

```
Command 'mkinitramfs' is available in the following places
 * /sbin/mkinitramfs
 * /usr/sbin/mkinitramfs
The command could not be located because '/usr/sbin:/sbin' is not included in the PATH environment variable.
This is most likely caused by the lack of administrative privileges associated with your user account.
mkinitramfs: command not found
```

</details>
Author
Owner
```bash
sudo mkinitramfs
```

<details>
<summary>Output:</summary>

```
Usage: mkinitramfs [option]... -o outfile [version]

Options:
  -c compress	Override COMPRESS setting in initramfs.conf.
  -d confdir	Specify an alternative configuration directory.
  -l level	Override COMPRESSLEVEL setting in initramfs.conf.
  -k		Keep temporary directory used to make the image.
  -o outfile	Write to outfile.
  -r root	Override ROOT setting in initramfs.conf.

See mkinitramfs(8) for further details.
```

</details>
Author
Owner

[The Unix Stack Exchange answer 508437](https://unix.stackexchange.com/a/508437):

<details>
<summary><code>/etc/fstab</code>:</summary>

```
proc    /proc    proc    defaults,hidepid=2     0     0
```

</details>

results at reboot in:

```bash
grep '^proc' /proc/mounts
```

```
proc /proc proc rw,relatime,hidepid=invisible 0 0
```

What are the last 2 bits for? They seem to be respectively for backup and fsck (source: https://linuxconfig.org/how-fstab-works-introduction-to-the-etc-fstab-file-on-linux), so not relevant here.
Author
Owner
<details>
<summary><code>/etc/fstab</code>:</summary>

```
proc    /proc    proc    defaults,nosuid,nodev,noexec,hidepid=2     0     0
```

</details>

```bash
grep '^proc' /proc/mounts
```

```
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=invisible 0 0
```
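
The two reboot results in this thread differ only in whether `nosuid,nodev,noexec` survived the `/etc/fstab` entry. As an added example (not part of the original thread), this POSIX shell check reads `/proc/mounts`-format text and reports the `hidepid` level and any dropped option; the function names, the required option set and the sample lines are assumptions built from the outputs quoted in the thread.

```shell
# Added example, not from the thread. The sample lines are constructed from
# the /proc/mounts outputs quoted in the comments.
SAMPLE_AFTER_REBOOT='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_DEFAULTS_ONLY='proc /proc proc rw,relatime,hidepid=invisible 0 0'
SAMPLE_HARDENED='proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=invisible 0 0'

# Print the options field of the last proc entry for /proc (mounts/fstab layout).
proc_options() {
    awk '$2 == "/proc" && $3 == "proc" { opts = $4 } END { print opts }'
}

# Normalise hidepid: it may appear as a number (fstab) or a name (/proc/mounts).
hidepid_level() {
    case ",$1," in
        *,hidepid=2,*|*,hidepid=invisible,*)  echo invisible ;;
        *,hidepid=1,*|*,hidepid=noaccess,*)   echo noaccess ;;
        *,hidepid=4,*|*,hidepid=ptraceable,*) echo ptraceable ;;
        *,hidepid=0,*|*,hidepid=off,*)        echo off ;;
        *,hidepid=*)                          echo unknown ;;
        *)                                    echo off ;;
    esac
}

# Print, comma-separated, the assumed required options that are absent from $1.
missing_options() {
    missing=
    for want in nosuid nodev noexec; do
        case ",$1," in *",$want,"*) ;; *) missing="${missing:+$missing,}$want" ;; esac
    done
    echo "$missing"
}

# Audit mounts-format text on stdin. Status: 0 hardened, 1 weak, 2 no entry.
audit_proc_mount() {
    opts=$(proc_options)
    [ -n "$opts" ] || { echo "FAIL: no proc entry for /proc"; return 2; }
    level=$(hidepid_level "$opts")
    lacking=$(missing_options "$opts")
    if [ "$level" != invisible ]; then
        echo "FAIL: hidepid=$level"; return 1
    elif [ -n "$lacking" ]; then
        echo "WARN: hidepid=invisible but missing $lacking"; return 1
    fi
    echo "OK: hidepid=invisible with nosuid,nodev,noexec"
}

for sample in "$SAMPLE_AFTER_REBOOT" "$SAMPLE_DEFAULTS_ONLY" "$SAMPLE_HARDENED"; do
    printf '%s\n' "$sample" | audit_proc_mount || true
done
```

On a live system, `audit_proc_mount < /proc/mounts` checks the running mount and `audit_proc_mount < /etc/fstab` checks what the next boot will apply, since both files share the same field order.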
Author
Owner

DuckDuckGo search */etc/fstab syntax*.
Author
Owner

![image](/attachments/9711e659-dcf5-498d-b26c-d07fd5f7142e)
Reference: Benjamin_Loison/linux#41