linux – top仅显示当前用户进程
发布时间:2020-12-13 17:25:48 所属栏目:Linux 来源:网络整理
导读:最近有一台运行CentOS 6.7的专用服务器,我们已经运行了更新,并注意到top只显示当前用户的进程. [myuser@server2 ~]$top -b -n1 top - 20:19:20 up 1 day,10:09,3 users,load average: 0.80,0.50,0.41Tasks: 11 total,1 running,10 sleeping,0 stopped,0 zomb
|
最近有一台运行CentOS 6.7的专用服务器,我们已经运行了更新,并注意到top只显示当前用户的进程.
[myuser@server2 ~]$top -b -n1 top - 20:19:20 up 1 day,10:09,3 users,load average: 0.80,0.50,0.41 Tasks: 11 total,1 running,10 sleeping,0 stopped,0 zombie Cpu(s): 0.2%us,0.0%sy,0.0%ni,99.8%id,0.0%wa,0.0%hi,0.0%si,0.0%st Mem: 32880988k total,26893324k used,5987664k free,140872k buffers Swap: 1046520k total,0k used,1046520k free,19532120k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 1648 myuser 20 0 98.8m 1020 688 S 0.0 0.0 0:00.00 man 1651 myuser 20 0 103m 1184 1016 S 0.0 0.0 0:00.00 sh 1652 myuser 20 0 103m 684 500 S 0.0 0.0 0:00.00 sh 1656 myuser 20 0 103m 912 752 S 0.0 0.0 0:00.07 less 3363 myuser 20 0 100m 1708 700 S 0.0 0.0 0:00.04 sshd 3364 myuser 20 0 105m 1916 1524 S 0.0 0.0 0:00.00 bash 8337 myuser 20 0 14940 1096 880 R 0.0 0.0 0:00.00 top 30429 myuser 20 0 100m 1696 696 S 0.0 0.0 0:00.16 sshd 30430 myuser 20 0 105m 1924 1536 S 0.0 0.0 0:00.01 bash 31132 myuser 20 0 100m 1692 692 S 0.0 0.0 0:00.05 sshd 31133 myuser 20 0 105m 1928 1536 S 0.0 0.0 0:00.04 bash 但是当使用sudo运行时,我会得到正常的输出 [myuser@server2 ~]$sudo top -bn1
top - 20:22:08 up 1 day,10:12,load average: 0.36,0.40,0.39
Tasks: 166 total,165 sleeping,26898188k used,5982800k free,141196k buffers
Swap: 1046520k total,19532188k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
32705 otherusr 20 0 21.9g 5.8g 15m S 39.8 18.3 28:47.76 java
1 root 20 0 19280 1524 1232 S 0.0 0.0 0:00.76 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:00.40 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
6 root 20 0 0 0 0 S 0.0 0.0 0:03.20 kworker/u16:0
~~~~~omitted~~~~~
我试过在批处理模式下运行top并使用“u”& “U”并将其留空并按[enter],没有运气. 我很确定我正在运行真正的顶级,以绝对路径发射没有任何影响. $which top /usr/bin/top $file /usr/bin/top /usr/bin/top: ELF 64-bit LSB executable,x86-64,version 1 (SYSV),dynamically linked (uses shared libs),for GNU/Linux 2.6.18,stripped $alias alias l.='ls -d .* --color=auto' alias ll='ls -l --color=auto' alias ls='ls --color=auto' alias vi='vim' alias which='alias | /usr/bin/which --tty-only --read-alias --show-dot --show-tilde' / etc /中没有toprc $ls -a /etc | grep -c toprc 0 proc安装如下 $sudo cat /proc/mounts | grep proc none /proc proc rw,relatime 0 0 none /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0 $sudo cat /etc/fstab | grep proc proc /proc proc defaults 0 0 关于Procs的更多细节 [myuser@server2 ~]$sudo -u otherusr ps -A
PID TTY TIME CMD
21921 pts/0 00:00:00 ps
32703 ? 00:00:00 screen
32705 pts/3 01:08:01 java
[myuser@server2 ~]$sudo ls -l /proc/ | grep 32705
dr-xr-x--- 7 otherusr root 0 Sep 23 19:27 32705
[myuser@server2 ~]$sudo ls -l /proc/32705/ | grep stat
-r-------- 1 otherusr root 0 Sep 23 21:54 mountstats
-r--r--r-- 1 otherusr root 0 Sep 23 19:27 stat
-r--r--r-- 1 otherusr root 0 Sep 23 19:27 statm
-r--r--r-- 1 otherusr root 0 Sep 23 19:27 status
[myuser@server2 ~]$ls /proc/ | egrep "[0-9]{1,9}";
17363
17364
26124
26125
3363
3364
[myuser@server2 ~]$sudo -u otheruser ls /proc/ | egrep "[0-9]{1,9}"
26132
32703
32705
[myuser@server2 ~]$umask
0002
[root@server2 ~]# umask
0022
有任何想法吗? 解决方法
一种可能性是使用hidepid = 1或hidepid = 2安装/ proc.这个挂载选项在后来的Linux内核中添加,并在CentOS 5.9和6.3的某个时候重新移植.
Mount options
The proc filesystem supports the following mount options:
hidepid=n (since Linux 3.3)
This option controls who can access the information in
/proc/[pid] directories. The argument,n,is one of the
following values:
0 Everybody may access all /proc/[pid] directories. This is
the traditional behavior,and the default if this mount
option is not specified.
1 Users may not access files and subdirectories inside any
/proc/[pid] directories but their own (the /proc/[pid]
directories themselves remain visible). Sensitive files
such as /proc/[pid]/cmdline and /proc/[pid]/status are now
protected against other users. This makes it impossible
to learn whether any user is running a specific program
(so long as the program doesn't otherwise reveal itself by
its behavior).
2 As for mode 1,but in addition the /proc/[pid] directories
belonging to other users become invisible. This means
that /proc/[pid] entries can no longer be used to discover
the PIDs on the system. This doesn't hide the fact that a
process with a specific PID value exists (it can be
learned by other means,for example,by "kill -0 $PID"),but it hides a process's UID and GID,which could
otherwise be learned by employing stat(2) on a /proc/[pid]
directory. This greatly complicates an attacker's task of
gathering information about running processes (e.g.,discovering whether some daemon is running with elevated
privileges,whether another user is running some sensitive
program,whether other users are running any program at
all,and so on).
另一种可能性(由海报找到并作为参考信息添加到此答案中)是grsecurity,其具有将其他用户的进程从非特权用户隐藏的功能,作为其file system hardening的一部分.
(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |