hidepid: hide a process from other users

The Linux kernel 3.2+ has added an option to hide processes from other users as part of kernel hardening. Only the user who owns the process and root can see the process.

hidepid has been under discussion since late 2011. The git commit log is here. It is essentially a mount option for the virtual /proc filesystem. hidepid can have 3 values:

  • 0: default behaviour
  • 1: users may not access any /proc/<pid>/ directories other than their own. Sensitive files like cmdline, sched*, status are protected against other users.
  • 2: hidepid=1 plus all /proc/PID/ directories of other users become invisible. It also hides the process euid and egid.

To use this option, edit your /etc/fstab as root (or via sudo) and add/edit the proc filesystem entry line as below:

proc /proc proc defaults,hidepid=2 0 0

You can remount /proc live (as root) as well:

# mount -o remount,rw,hidepid=2 /proc

Some apps might break when you use this option, because they need to see other users' processes. You can fix this by appending the gid (group id) option to the fstab mount options. Notes from the commit log:

gid=XXX defines a group that will be able to gather all processes’ info (as in hidepid=0 mode). This group should be used instead of putting nonroot user in sudoers file or something. However, untrusted users (like daemons, etc.) which are not supposed to monitor the tasks in the whole system should not be added to the group.

Add the group (here a group named mygrp) to /etc/fstab as below; only members of that group get the unrestricted view:

proc /proc proc defaults,hidepid=2,gid=mygrp 0 0
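As an added example (not from the original post), here is a small POSIX shell script that reads the hidepid and gid options from a proc mount line, either a constructed fstab-style line or the live /proc/mounts, and says what the value means for other users. The function names, the sample lines and the numeric gid 1000 are assumptions made for the example; the names invisible and ptraceable are the spelled-out values newer kernels accept alongside 2 and 4.

```shell
#!/bin/sh
# Added example: report the hidepid and gid mount options in effect for /proc.
# Needs only POSIX sh and awk.

# Print the value of one mount option (hidepid, gid, ...) from a fstab or
# /proc/mounts style line for /proc. Prints "unset" when the option is absent
# and nothing at all when the line is not the proc mount.
proc_mount_option() {
    line=$1; opt=$2
    printf '%s\n' "$line" | awk -v opt="$opt" '
        $2 == "/proc" && $3 == "proc" {
            n = split($4, a, ",")
            val = "unset"
            for (i = 1; i <= n; i++)
                if (index(a[i], opt "=") == 1)
                    val = substr(a[i], length(opt) + 2)
            print val
            exit
        }'
}

# Translate a hidepid value into what users outside root and the gid group see.
hidepid_meaning() {
    case "$1" in
        unset|0|off)    echo "all /proc/PID directories visible" ;;
        1|noaccess)     echo "other users' /proc/PID exist but are not readable" ;;
        2|invisible)    echo "other users' processes are hidden entirely" ;;
        4|ptraceable)   echo "only processes the caller could ptrace are visible (newer kernels)" ;;
        *)              echo "unknown value: $1" ;;
    esac
}

# Check the running system by reading the live /proc/mounts, if present.
check_live_proc() {
    [ -r /proc/mounts ] || { echo "no /proc/mounts on this system"; return 1; }
    line=$(grep -E '^proc /proc proc ' /proc/mounts | head -n 1)
    hp=$(proc_mount_option "$line" hidepid); hp=${hp:-unset}
    gid=$(proc_mount_option "$line" gid);    gid=${gid:-unset}
    echo "hidepid=$hp ($(hidepid_meaning "$hp")); gid=$gid"
}

# Constructed sample lines, mirroring the two fstab entries in the post
# (a live /proc/mounts shows the gid numerically, hence gid=1000 here).
SAMPLE_DEFAULT='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_HARDENED='proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=1000 0 0'

# Usage: run the script directly to inspect the current machine.
check_live_proc || true
```

A quick way to confirm the setting took effect after the remount is to run `ls /proc` as an unprivileged user that is not in the gid group: with hidepid=2 only that user's own PIDs should appear.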

httpry: sniff http packets

httpry is a tool to display, log or save HTTP traffic data. Think of it as tcpdump for the HTTP protocol only. The advantage of using httpry is that the data is easier to analyze, and the log files are designed to be parsed easily by command-line tools. httpry is lightweight and depends mostly on libpcap.

Situations where httpry might be useful are:

  • Track users on your network browsing online
  • Verify proper server configuration
  • Research patterns in HTTP usage
  • Watch for suspicious downloaded files
  • Verify the enforcement of HTTP policy on the network
  • Extract HTTP statistics out of saved capture files
  • Just watch the packets flow in realtime

To install httpry on Ubuntu:

$ sudo apt-get install httpry

httpry needs root privileges (run it with sudo) to sniff an interface. The simplest usage is:

$ sudo httpry -i wlan0
httpry version 0.1.7 -- HTTP logging and information retrieval tool
Copyright (c) 2005-2012 Jason Bittel <jason.bittel@gmail.com>
----------------------------
Hash buckets:       64
Nodes inserted:     10
Buckets in use:     10
Hash collisions:    0
Longest hash chain: 1
----------------------------
Starting capture on wlan0 interface
2014-08-22 07:58:31    192.168.0.11    74.125.236.211    >    GET    www.google.com    /    HTTP/1.1    -    -
2014-08-22 07:58:31    74.125.236.211    192.168.0.11    <    -    -    -    HTTP/1.1    302    Found
Other usage examples:

  • Dump binary pcap data
    $ sudo httpry -i wlan0 -b dump.pcap
  • Dump in text format
    $ sudo httpry -i wlan0 -o dump.txt
  • Read packet data from a file
    $ httpry -r dump.pcap

Other useful switches:

-d : run as a daemon
-h : help
-m : request methods to parse, as a comma-separated string (GET, POST, PUT, HEAD, CONNECT)
-n : parse n packets and quit

Webpage: httpry
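The text log format shown in the capture above is what makes httpry useful for quick analysis. As an added example (not part of httpry itself), the shell functions below summarise such a log with awk: requests per Host header, requests using a particular method, and responses in a given status class. The sample log is constructed for the example: it is the two lines from the capture above plus three invented lines using the reserved 203.0.113.0/24 documentation range and an example.test hostname.

```shell
#!/bin/sh
# Added example: summarise an httpry text log with awk.
# httpry prints one whitespace-separated line per request or response:
#   date time src dst direction method host path version status reason
# where direction is ">" for a client request and "<" for a server response,
# and "-" stands in for fields that do not apply to that line.

# Constructed sample log: the two lines from the post plus three extra lines.
SAMPLE_HTTPRY_LOG='2014-08-22 07:58:31 192.168.0.11 74.125.236.211 > GET www.google.com / HTTP/1.1 - -
2014-08-22 07:58:31 74.125.236.211 192.168.0.11 < - - - HTTP/1.1 302 Found
2014-08-22 07:58:32 192.168.0.11 74.125.236.211 > GET www.google.com /search HTTP/1.1 - -
2014-08-22 07:58:40 192.168.0.12 203.0.113.5 > POST upload.example.test /api/files HTTP/1.1 - -
2014-08-22 07:58:40 203.0.113.5 192.168.0.12 < - - - HTTP/1.1 200 OK'

# Requests per Host header, most frequent first, as "<count> <host>" lines.
httpry_requests_per_host() {
    awk '$5 == ">" { n[$7]++ } END { for (h in n) printf "%d %s\n", n[h], h }' | sort -rn
}

# Requests using the given method (e.g. POST), printed as "src host path".
# Useful for spotting uploads or unusual methods on a network segment.
httpry_requests_by_method() {
    awk -v m="$1" '$5 == ">" && $6 == m { print $3, $7, $8 }'
}

# Responses whose status code is in the given class (3 for 3xx, 4 for 4xx, ...),
# printed as "server status reason".
httpry_responses_by_class() {
    awk -v c="$1" '$5 == "<" && substr($10, 1, 1) == c { print $3, $10, $11 }'
}

# Usage: feed a log produced with "httpry -o dump.txt" into the functions, e.g.
#   httpry_requests_per_host < dump.txt
printf '%s\n' "$SAMPLE_HTTPRY_LOG" | httpry_requests_per_host
```

Because the fields are positional, the same one-liners work on a live `httpry -i wlan0` stream piped through the function, not only on saved text dumps.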

Install MATE desktop on Ubuntu 14.04

MATE is a continuation of GNOME 2 that tries to retain the simplicity and productivity of that desktop environment. The Ubuntu MATE spin is going to get official Ubuntu flavour status soon. In preparation, the MATE developers have set up a PPA with MATE 1.8.1 for Trusty. So if you are a MATE fan, or just want to check out a new desktop environment for fun, you can install it. Note that this is not yet production ready and needs some extra packages from a second PPA in addition to the core MATE packages.

Run:

$ sudo apt-add-repository ppa:ubuntu-mate-dev/ppa
$ sudo apt-add-repository ppa:ubuntu-mate-dev/trusty-mate
$ sudo apt-get update && sudo apt-get upgrade
$ sudo apt-get install --no-install-recommends ubuntu-mate-core ubuntu-mate-desktop

Try other desktop environments.

Viber: free calls and sharing

Viber is one of the best applications when it comes to free, platform-agnostic VoIP calls and communication. Viber combines instant messaging, file sharing and VoIP in one app, available for the desktop as well as smartphones. In general, Viber-to-Viber calls are free, but you can also call contacts who do not use Viber using ViberOut, a paid service. Features:

  • Multiplatform: Linux, Windows, Mac, Android, iPhone, BlackBerry, Windows Phone, Nokia and Bada
  • Easy registration and account creation. Viber uses your phone number to identify you.
  • Simple and easy to use interface
  • No ads in the apps
  • Text, photo and sticker messages
  • Group conversations
  • Call any Viber user for free (including international)
  • Full sync between your mobile and your device
  • Transfer ongoing calls between your mobile and your desktop
  • If you use ViberOut, recharge your account with Auto Top-Up if balance is < $2

Webpage: Viber
