Procfs
procfs (process filesystem) is a virtual filesystem (i.e. it takes up no disk space) that can be used to show and change system and process information. It is generated by the kernel and mounted at /proc.
sysfs is a similar, newer implementation that is replacing more and more elements of procfs.
Installation
Kernel
Activate the following kernel options:
File systems --->
Pseudo filesystems --->
<*> /proc file system support
Configuration
OpenRC
/proc is mounted by OpenRC's /lib/rc/sh/init.sh[1]:
user $
mount | grep proc
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
The init service /etc/init.d/procfs is in the boot runlevel:
user $
/sbin/rc-update | grep procfs
procfs | boot
Restricting access to PID directories
procfs provides the hidepid mount option to restrict access to the /proc/<pid> directories by other users. This is a hardening technique that can make it more difficult for malicious local users to gather information about the processes of other users[2].
Value | Description
---|---
hidepid=0 | The files located in /proc/<pid>/* are world readable. This is the default behavior.
hidepid=1 | The /proc/<pid> directories are visible to all users, but users can only access the /proc/<pid> directories they own. This protects files such as /proc/<pid>/cmdline, which may contain sensitive information.
hidepid=2 | Same as hidepid=1, but the /proc/<pid> directories of other users are hidden. Since this hides process information from all users except root, it may be useful to allow access to privileged users such as those belonging to the wheel group (see the gid= option below).
The hidepid mount option can be configured to be applied automatically when mounting /proc/, for example:
/etc/fstab
Hiding process information from other users except those in the wheel group
proc /proc proc nosuid,nodev,noexec,hidepid=2,gid=wheel 0 0
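To verify that the hardening above actually took effect, the following added example (not part of the wiki page) parses /proc/mounts style lines and reports the effective hidepid level of /proc; the two snapshots are constructed and the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit the hidepid= hardening of /proc from /proc/mounts lines.

# Print the value of mount option $2 from a single /proc/mounts line $1,
# or "unset" when the option is absent. The 4th field is the option list.
proc_mount_option() {
    val=$(printf '%s\n' "$1" | awk '{print $4}' | tr ',' '\n' | sed -n "s/^$2=//p")
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf 'unset\n'; fi
}

# Find the /proc entry in a /proc/mounts snapshot $1 and print its effective
# hidepid level: the configured value, or 0 (the kernel default) when unset.
# Prints "not-mounted" and returns 1 when there is no /proc entry at all.
proc_hidepid_level() {
    line=$(printf '%s\n' "$1" | awk '$2 == "/proc" && $3 == "proc" { print; exit }')
    [ -n "$line" ] || { printf 'not-mounted\n'; return 1; }
    level=$(proc_mount_option "$line" hidepid)
    [ "$level" = unset ] && level=0
    printf '%s\n' "$level"
}

# Return 0 when other users' /proc/<pid> directories are hidden: hidepid=2, or
# "invisible", the spelling newer kernels report for the same setting; else 1.
proc_is_hardened() {
    case "$(proc_hidepid_level "$1")" in
        2|invisible) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed snapshots: a default mount, and one matching the fstab line
# above (gid=10 is the numeric id the kernel shows for wheel on most systems).
DEFAULT_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0'
HARDENED_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=10 0 0'

# Report on the live system when /proc/mounts is readable.
if [ -r /proc/mounts ]; then
    printf 'live /proc hidepid level: %s\n' "$(proc_hidepid_level "$(cat /proc/mounts)")"
fi
```

Run it as any user after changing /etc/fstab and remounting /proc; a level of 0 on the live line means the hidepid option did not take effect.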
Usage
See the Wikipedia article for a description of each file's purpose.
Use cat to read information. For example, users can get the version of the currently running kernel with the following command:
user $
cat /proc/version
Use echo to set values at runtime (if possible). For example, users can enable the Magic SysRq keys with the following command:
root #
echo 1 > /proc/sys/kernel/sysrq
sysctl
sysctl is a mechanism to modify certain kernel parameters at runtime. It is part of sys-process/procps and its files are located at /proc/sys/. These articles contain documentation of most files.
sysctl works with key-value pairs. The keys are derived from the file path by removing the /proc/sys/ prefix and replacing each forward slash with a dot. For example, /proc/sys/kernel/sysrq becomes kernel.sysrq.
It is possible to modify files in /proc directly, as shown above; however, the sysctl tool can modify /proc information in a more structured way:
To enable the magic SysRq keys:
root #
sysctl kernel.sysrq=1
To show all sysctl keys and their current values:
root #
sysctl -a
To configure kernel parameters at system boot, add them to a configuration file with a .conf suffix in the /etc/sysctl.d/ directory. The recommended location for local settings is /etc/sysctl.d/local.conf. The legacy file /etc/sysctl.conf is also supported. To enable the magic SysRq key at boot:
/etc/sysctl.d/local.conf
kernel.sysrq=1
See the man pages for sysctl and sysctl.conf.
OpenRC
The sysctl service reads the files at boot and applies the settings. The service is enabled by default.
systemd
Besides the /etc/sysctl.d/ directory, systemd also reads the /usr/lib/sysctl.d/ directory. This second directory is for package-provided configuration files.
The systemd-sysctl service is enabled by default.
See also
- sysfs — a virtual filesystem (virtual means it takes up no disk space).
- The proc filesystem (Security Handbook)
References
- ↑ Bug 406263 – Remove the two lines concerning proc and shm since they don't reflect the /etc/fstab file that is default in current state3 installation, Gentoo's Bugzilla Main Page, (Last modified) April 29th, 2012. Retrieved on October 23rd, 2015.
- ↑ Vasiliy Kulikov. procfs: add hidepid= and gid= mount options, Linux kernel source tree, January 10th, 2012. Retrieved on July 31st, 2015.