UGN Security
Posted By: tmp001 linux process hiding - 04/28/02 10:58 PM
i wonder if anyone knows any tricks to hide a determinated command you are executing in Linux.

example: I want to execute a file that is a scritp in expect, if i do so, when someone does a `ps auxe | grep MYUSERNAME` they will see /usr/bin/expect -f filename, waht i wish is to prevent that. I tryed stupid things like renaming files, running commands from compiled c programs using system() exec() and nothing worked,
if any one has any new ideas i would ver much like to hear about it.
Posted By: hKzKnight Re: linux process hiding - 04/29/02 12:29 AM
Sorry getting me a bit lost, prob because been working a lot and lack of sleep. Yet are you trying to say you want to hide what you typed, or hide the username? Usr terms try logging in root, would make it generic. As for hiding the command, arg don't remember was something like -hide -hideall arg, ahhh forgot... I'll look it up tommarow at work (if you dont get an answer tonight) Yet feel free to explore this site, http://help.linuxbin.com/manreader.php3?goto=index-man1.html

It's been sitting around in my bookmarks.
Posted By: sinetific Re: linux process hiding - 05/02/02 07:35 PM
Check out rootkits. Some of them contain programs that will replace the ps command entirely in order to hide processes. Theres an article at neworder that tells about detecting rootkits on your system and how they work. One replaces http://neworder.box.sk/newsread.php?newsid=4182
(dont be mad bout the link gizzy)
Posted By: hKzKnight Re: linux process hiding - 05/03/02 12:09 AM
Thats also a cool thing, but I remember a command for it somplace *smacks head, **** memory*... Yet good deal.
© UGN Security Forum