Re: [LIH] Hiding process ?

omicron Fri, 27 Apr 2001 05:57:34 -0700
hmmm,
        You can do it, but on two things...

* You gotta be root. Or atleast convince root to share some of his
manifest powers :)..the other alternatives are less and less ethical.
* You need a kernel recompile, whichever way u see it. Then u need to
install some special software that work from the krnl.
You can choose between LIDS ( Linux Intrusion Detection System -- which
also has support for krnl 2.4.x and very good IMNSHO, i use it ) and
medusa, which right now is for 2.2 krnls only ( 2.4 support is a week
away, but i haven't used it).
        You can know about
                lids  : www.lids.org
               medusa : medusa.fornax.sk  ( i think )
        You can search for both in freshmeat or the sourceforge.

        And forget about doing anything with ps ... it is just a patch at
best and is usually swiss-cheese defence. I can just go to /proc and u
can't touch me there, even if you are root !

HTH
--omicron


On Fri, 27 Apr 2001, Saju.R.Pillai wrote:
> Hi,
>
>   I have come across a situation which requires a process to be hidden
> from a ps -ef command : (
>
> Let me explain,
>
>  My application starts a process with a app_username/app_password_xx,
> name. Any user logged onto that box can do a ps -ef and rip off my
> application password/ username. Other than changing the application's
> naming convention, is there any other way I can hide my process from a
> ps -ef.
>
> ya_, I know the naming convention is outright stupid, : (   I have no
> clue why it does that and I can't even touch the application code. Is
> there any way that this can be done ?  ( Aliasing ps would be helpful ??
> )
>
> Please do help
>
> Regards
>
> __srp
>
>
>
> ----------------------------------------------
> Find out more about this and other Linux India
> mailing lists at http://lists.linux-india.org/
>

-- 
******
omicron         Mail:[EMAIL PROTECTED]
(Sridhar N)      www:omicron.symonds.net
             pubkeys:omicron.symonds.net/pubkeys

           C O G I T O   E R G O   S U M
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------------------------------------------
An alpha version of a web based tool to manage
your subscription with this mailing list is at
http://lists.linux-india.org/cgi-bin/mj_wwwusr
Re: [LIH] Hiding process ?

Reply via email to
