From: Brian Hatch (honeypots ifokr.org)
Date: Thu Apr 11 2002 - 17:12:22 CDT

> The last time I used LIDS (www.lids.org), it had functionality to hide
> processes that you are able to define the full path to, and optionally their
> child processes. I have not used LIDS in over a year and a half, so I'm not
> sure if it still contains that functionality, and obviously it is for the
> Linux kernel only. If your server is Linux, and LIDS still supports hiding
> processes, this may be a solution for you.

Lids hides procs by not listing hidden processes in /proc.
This means all ps/lsof/etc programs will have no way of
seeing the process.

However non-proc methods (sending signals, in particular)
can still be used to determine that there is some hidden
process running. Of course you still can't see what it
is, you just know that there is one.

Note that if you do try this with lids, the process you
want to hide must be started *after* the lidsadm/etc rules
are put in place and lids reloaded.

--
Brian Hatch
Systems and Security Engineer
http://www.ifokr.org/bri/

To love oneself is the beginning of a lifelong romance.

Every message PGP signed
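
The cross-check the message describes, as an added example (not part of the original post and not LIDS code): probe every PID with signal 0 and report those that answer but never appear in a /proc listing. The function names are hypothetical, and it assumes a Linux host with /proc mounted.

```python
"""Cross-check signal-probed PIDs against what /proc lists (Linux)."""
import errno
import os


def visible_ids(proc_root="/proc"):
    """Every PID and thread ID reachable by listing proc_root."""
    ids = set()
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            # Linux kill() also resolves thread IDs, listed only under task/
            ids.update(int(t) for t in os.listdir(
                os.path.join(proc_root, name, "task")) if t.isdigit())
        except OSError:
            pass  # process exited between the two listings
    return ids


def signal_probe(pid):
    """True if some task owns this ID; signal 0 delivers nothing."""
    try:
        os.kill(pid, 0)
    except OSError as exc:
        # EPERM: it exists but belongs to another user; ESRCH: no such task
        return exc.errno == errno.EPERM
    return True


def unlisted_pids(max_pid, probe=signal_probe, lister=visible_ids, rounds=3):
    """IDs that answer a probe yet stay absent from the listing every round."""
    suspects = set(range(1, max_pid + 1))
    for _ in range(rounds):
        # Probe first, list second: a short-lived process that exits in
        # between looks unlisted once, then fails the next round's probe.
        alive = {pid for pid in suspects if probe(pid)}
        suspects = alive - lister()
        if not suspects:
            break
    return sorted(suspects)


if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    for pid in unlisted_pids(limit):
        print(f"PID {pid} answers signal 0 but is not listed in /proc")
```

Run it as root: on a /proc mounted with hidepid, other users' processes are unlisted for unprivileged callers and would be reported as well.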