How do i show security information in the process status on linux?
-
Standard format ps
-o format User-defined format. format is a single argument in the form of a blank separated or comma-separated list, which offers a way to specify individual output columns. The recognized keywords are described in the STANDARD FORMAT SPECIFIERS section below. Headers may be renamed (ps -o pid,ruser=RealUser -o comm=Command) as desired. If all column headers are empty (ps -o pid= -o comm=) then the header line will not be output. Column width will increase as needed for wide headers; this may be used to widen up columns such as WCHAN (ps -o pid,wchan=WIDE-WCHAN-COLUMN -o comm). Explicit width control (ps opid,wchan:42,cmd) is offered too. The behavior of ps -o pid=X,comm=Y varies with personality; output may be one column named "X,comm=Y" or two columns named "X" and "Y". Use multiple -o options when in doubt. Use the PS_FORMAT environment variable to specify a default as desired; DefSysV and DefBSD are macros that may be used to choose the default UNIX or BSD columns.
euser EUSER effective user name. This will be the textual user ID, if it can be obtained and the field width permits, or a decimal representation otherwise. The n option can be used to force the decimal representation. (alias uname, user). ruser RUSER real user ID. This will be the textual user ID, if it can be obtained and the field width permits, or a decimal representation otherwise. suser SUSER saved user name. This will be the textual user ID, if it can be obtained and the field width permits, or a decimal representation otherwise. (alias svuser).
fuser FUSER filesystem access user ID. This will be the textual user ID, if it can be obtained and the field width permits, or a decimal representation otherwise. f F flags associated with the process, see the PROCESS FLAGS section. (alias flag, flags).
comm COMMAND command name (only the executable name). Modifications to the command name will not be shown. A process marked <defunct> is partly dead, waiting to be fully destroyed by its parent. The output in this column may contain spaces. (alias ucmd, ucomm). See also the args format keyword, the -f option, and the c option. When specified last, this column will extend to the edge of the display. If ps can not determine display width, as when output is redirected (piped) into a file or another command, the output width is undefined (it may be 80, unlimited, determined by the TERM variable, and so on). The COLUMNS environment variable or --cols option may be used to exactly determine the width in this case. The w or -w option may be also be used to adjust width. label LABEL security label, most commonly used for SELinux context data. This is for the Mandatory Access Control ("MAC") found on high-security systems.
$ ps -eo euser,ruser,suser,fuser,f,comm,label EUSER RUSER SUSER FUSER F COMMAND LABEL root root root root 4 systemd unconfined root root root root 1 kthreadd unconfined
-M Add a column of security data. Identical to Z (for SELinux).
$ ps -eM
Z Add a column of security data. Identical to -M (for SELinux).
BSD format ps
$ ps axZ
© Lightnetics 2024