Is it possible to 'hide' a process from the listing of `ps` or `top` on Linux
According to kernel patch http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201, you can use the hidepid option for the proc filesystem:
hidepid=0 (default) means the old behavior - anybody may read all world-readable /proc/PID/* files.
hidepid=1 means users may not access any /proc// directories, but their own. Sensitive files like cmdline, sched*, status are now protected against other users. As permission checking done in proc_pid_permission() and files' permissions are left untouched, programs expecting specific files' modes are not confused.
hidepid=2 means hidepid=1 plus all /proc/PID/ will be invisible to other users. It doesn't mean that it hides whether a process exists (it can be learned by other means, e.g. by kill -0 $PID), but it hides process' euid and egid. It compicates intruder's task of gathering info about running processes, whether some daemon runs with elevated privileges, whether another user runs some sensitive program, whether other users run any program at all, etc.
gid=XXX defines a group that will be able to gather all processes' info (as in hidepid=0 mode). This group should be used instead of putting nonroot user in sudoers file or something. However, untrusted users (like daemons, etc.) which are not supposed to monitor the tasks in the whole system should not be added to the group.
You are not able to control the visibility on process level however you can ensure that your users can see their own processes only.
In case you have kernel version greater than 3.3 you can make a try with the following command:
mount /proc -o remount,hidepid=2
Well, you have a couple of options here. Taking the easy way out would be to swap the ps and top programs out with modified versions that hide what it is you want to hide.
The alternative would be to run your code embedded in an existing process, or write a wrapper-script around your code with an innocuous name.
In some versions of PS, you can modify it by changing argv[], but not sure if that works for top, and not sure if it works in linux (It's mainly a BSD convention).
It all depends, on exactly what you are looking to achieve by doing this?