From 1d7d3ab9243fccb9c94cca0e5168583dd349922e Mon Sep 17 00:00:00 2001 From: Daniel Winzen Date: Sat, 17 Apr 2021 11:13:00 +0200 Subject: [PATCH] Hide PIDs for non-root users in proc mount --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 70d0b6b..1a7f085 100644 --- a/README.md +++ b/README.md @@ -86,6 +86,11 @@ tmpfs /tmp tmpfs defaults,noatime 0 0 tmpfs /var/log/nginx tmpfs rw,user,noatime 0 0 ``` +To harden the system and hide pids from non-root users, also add the following: +``` +proc /proc proc defaults,hidepid=2 0 0 +``` + As time syncronisation is important, you should configure ntp servers in `/etc/systemd/timesyncd.conf` and make them match with the entries in `/etc/rc.local` iptables configuration Enable the PHP-FPM default instances and nginx:
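Review bot: The added README sentence "hide pids from non-root users" overstates what the new entry `proc /proc proc defaults,hidepid=2 0 0` does and leaves out how to exempt accounts that legitimately need process visibility. With `hidepid=2`, each non-root user still sees their own processes; only the `/proc/<pid>` directories of other users are hidden. Suggest rewording to say that, and documenting the `gid=` mount option next to it so that a monitoring or service account can be placed in a group that keeps the full view. The text should also state that the entry belongs in the same file as the `tmpfs` lines above it, and that it only takes effect after `/proc` is remounted or the system is rebooted, since the fenced block on its own does not say where it goes or when it applies.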