Post AVU6llvtxYjKA2M5wm by blumlaut@furfag.de
 (DIR) More posts by blumlaut@furfag.de
 (DIR) Post #AVU6ljbGdJ2IvSgaVU by blumlaut@furfag.de
       2023-05-09T14:20:55Z
       
       1 likes, 0 repeats
       
       one of our devs off-handedly told me that our hosts are configured so unprivileged users can see all processes running on the server.ugghhhhhhhhhhhh
       
 (DIR) Post #AVU6llvtxYjKA2M5wm by blumlaut@furfag.de
       2023-05-09T14:21:23Z
       
       0 likes, 0 repeats
       
       if grep -q "proc" /etc/fstab; then  if ! grep -q "hidepid=2" /etc/fstab; then    sed -i '/proc/s/defaults/defaults,hidepid=2/' /etc/fstab    mount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc  fielse  echo "proc /proc proc defaults,hidepid=2 0 0" >> /etc/fstab  mount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /procfihope this doesnt horribly break in prod :D