How can i hide process? that admin cant see proc when he type ps -aux ... process like psybnc or eggdrop which run in bg? can i do that ?


Please help me!

thank you

I don't think that there is a way to do this. If you are a user and the admin doesn't want you to run certain processes, that's going to be pretty tough to get around.

I am really treading where I don't understand, but if you could find and modify the source, make it look like another program so that when you run it, its process name is different.

If you mean admin=root, no, root can see and do anything.

RO

I am admin.. i just wanna know how to hide process... then even hackers cant see my processes if they hack into my system and have root ..

You can't do that. The processes will always show to root. If a hacker gets into your system and is root, he can do pretty much whatever he wants. That's just the way it works.

mv /bin/ps /somerandomedirectory/<randomname>

then, ps doesn't exist, and they won't know where you
actually put it and renamed it. You can do this for any/all
commands you want. ps doesn't really care what it is called.

RO

Adding onto the previous post, if you don't want to be conspicuous that you don't have the ps program, you can move the real ps progam somewhere else, and make a shell script named ps in /bin/ and point that to the real ps, while piping the output from the real ps to grep, awk, and sed to hide processes. So when a user types "ps -aux" they are actually running your script which is taking the input from the real ps and filtering it. This must be terribly hard, but there are so-called "root kits" out on the internet for hackers who manage to get root. Maybe one tool of a root kit may be this type of script, but not sure b/c never had the need for one.

This is absolutely doable. When your box is cracked this is often what they'll do.

'ps' is simply an executable file. If you replace it with your own file it will behave how you want it to, even for root. Since you're the admin just go in and pipe the processes out with grep, awk, sed, as stated above.

There is almost never a 'way it is with Linux.' It's all open, if you're root just go in there and change it!

Realize, though, that this cuts both ways. If you do get cracked, well, they can install their ps.

I'm curious what processes you want to hide from hackers.

mac_phil

processes like logger .. sniffer etc...

Learn much more about grsecurity

dorian33: "Learn much more about grsecurity"
I agree running a Grsecurity-patched kernel can solve some headaches, but you should try to offer more details about what it's capable of, like memory and process protection.

You can also get similar info from /proc. Look into something with RBAC or RSBAC like grsecurity. There are some distros like Castle Linux have this functionality built in.