How do I show security information in the process status on Linux?



  • Standard format ps

    -o format
    
    User-defined format.  format is a single argument in the form of a blank separated or comma-separated list, which offers a way to specify individual output columns.  The recognized keywords are described in the STANDARD FORMAT SPECIFIERS section below. Headers may be renamed (ps -o pid,ruser=RealUser -o comm=Command) as desired.  If all column headers are empty (ps -o pid= -o comm=) then the header line will not be output.  Column width will increase as needed for wide headers; this may be used to widen up columns such as WCHAN (ps -o pid,wchan=WIDE-WCHAN-COLUMN -o comm).  Explicit width control (ps opid,wchan:42,cmd) is offered too.  The behavior of ps -o pid=X,comm=Y varies with personality; output may be one column named "X,comm=Y" or two columns named "X" and "Y".  Use multiple -o options when in doubt.  Use the PS_FORMAT environment variable to specify a default as desired; DefSysV and DefBSD are macros that may be used to choose the default UNIX or BSD columns.
    
    euser       EUSER     effective user name.  This will be the textual user ID, if it can be obtained and the field width permits, or a decimal representation otherwise.  The n option can be used to force the decimal representation.  (alias uname, user).
    
    ruser       RUSER     real user ID.  This will be the textual user ID, if it can be obtained and the field width permits, or a decimal representation otherwise.
    
    suser       SUSER     saved user name.  This will be the textual user ID, if it can be obtained and the field width permits, or a decimal representation otherwise.  (alias svuser).
    
    fuser       FUSER     filesystem access user ID.  This will be the textual user ID, if it can be obtained and the field width permits, or a decimal representation otherwise.
    
    f           F         flags associated with the process, see the PROCESS FLAGS section.  (alias flag, flags).
    
    comm        COMMAND   command name (only the executable name).  Modifications to the command name will not be shown.  A process marked <defunct> is partly dead, waiting to be fully destroyed by its parent.  The output in this column may contain spaces.  (alias ucmd, ucomm).  See also the args format keyword, the -f option, and the c option. When specified last, this column will extend to the edge of the display.  If ps cannot determine display width, as when output is redirected (piped) into a file or another command, the output width is undefined (it may be 80, unlimited, determined by the TERM variable, and so on).  The COLUMNS environment variable or --cols option may be used to exactly determine the width in this case.  The w or -w option may also be used to adjust width.
    
    label       LABEL     security label, most commonly used for SELinux context data.  This is for the Mandatory Access Control ("MAC") found on high-security systems.
    
    $ ps -eo euser,ruser,suser,fuser,f,comm,label
    EUSER    RUSER    SUSER    FUSER    F COMMAND         LABEL
    root     root     root     root     4 systemd         unconfined
    root     root     root     root     1 kthreadd        unconfined
    
     -M     Add a column of security data.  Identical to Z (for SELinux).
    
    $ ps -eM
    
    Z      Add a column of security data.  Identical to -M (for SELinux).
    

  • BSD format ps

    $ ps axZ
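
As an added example that is not part of the original post, the script below uses the columns shown above to flag processes whose effective, real, saved and filesystem users differ, and to count processes per security label. The function names and sample lines are constructed for illustration; the commented ps invocations are the assumed live input.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from the post.
# Live input (empty headers drop the header line; one -o per column):
#   ps -e -o pid= -o euser= -o ruser= -o suser= -o fuser= -o comm= | flag_cred_mismatch
#   ps -e -o label= | count_labels

# Print processes whose effective, real, saved and filesystem users are not
# all equal, e.g. set-uid programs or daemons that changed identity.
flag_cred_mismatch() {
    awk 'NF >= 6 && ($2 != $3 || $2 != $4 || $2 != $5) {
        cmd = $6
        for (i = 7; i <= NF; i++) cmd = cmd " " $i   # comm may contain spaces
        printf "pid=%s euser=%s ruser=%s suser=%s fuser=%s comm=%s\n",
               $1, $2, $3, $4, $5, cmd
    }'
}

# Count processes per security label, most common first. Each input line is
# one label, so labels containing spaces stay intact.
count_labels() {
    awk '{ sub(/[ \t]+$/, ""); n[$0]++ }
         END { for (l in n) printf "%d %s\n", n[l], l }' | sort -k1,1nr -k2
}

# Constructed sample: pid, euser, ruser, suser, fuser, comm.
sample_creds() {
cat <<'EOF'
    1 root     root     root     root     systemd
  812 root     alice    root     root     passwd
  950 www-data www-data www-data www-data nginx
 1203 alice    alice    root     alice    custom tool
EOF
}

# Constructed sample: one label per process.
sample_labels() {
cat <<'EOF'
unconfined
unconfined
/usr/sbin/cupsd (enforce)
unconfined
EOF
}

sample_creds | flag_cred_mismatch
sample_labels | count_labels
```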
    


© Lightnetics 2024