I don't think that there is a way to do this. If you are a user and the admin doesn't want you to run certain processes, that's going to be pretty tough to get around.
I am really treading where I don't understand, but if you could find and modify the source, make it look like another program so that when you run it, its process name is different.
You can't do that. The processes will always show to root. If a hacker gets into your system and is root, he can do pretty much whatever he wants. That's just the way it works.
then, ps doesn't exist, and they won't know where you
actually put it and renamed it. You can do this for any/all
commands you want. ps doesn't really care what it is called.
Adding onto the previous post, if you don't want to be conspicuous that you don't have the ps program, you can move the real ps program somewhere else, and make a shell script named ps in /bin/ and point that to the real ps, while piping the output from the real ps to grep, awk, and sed to hide processes. So when a user types "ps -aux" they are actually running your script which is taking the input from the real ps and filtering it. This must be terribly hard, but there are so-called "root kits" out on the internet for hackers who manage to get root. Maybe one tool of a root kit may be this type of script, but not sure b/c never had the need for one.
This is absolutely doable. When your box is cracked this is often what they'll do.
'ps' is simply an executable file. If you replace it with your own file it will behave how you want it to, even for root. Since you're the admin just go in and pipe the processes out with grep, awk, sed, as stated above.
There is almost never a 'way it is with Linux.' It's all open, if you're root just go in there and change it!
Realize, though, that this cuts both ways. If you do get cracked, well, they can install their ps.
I'm curious what processes you want to hide from hackers.
Originally posted by n3wb1e:
I am admin.. i just wanna know how to hide process... then even hackers cant see my processes if they hack into my system and have root ..
dorian33: "Learn much more about grsecurity"
I agree running a Grsecurity-patched kernel can solve some headaches, but you should try to offer more details about what it's capable of, like memory and process protection.
Originally posted by RolledOat:
mv /bin/ps /somerandomedirectory/<randomname>
then, ps doesn't exist, and they won't know where you
actually put it and renamed it. You can do this for any/all
commands you want. ps doesn't really care what it is called.
RO
You can also get similar info from /proc. Look into something with RBAC or RSBAC like grsecurity. There are some distros like Castle Linux that have this functionality built in.
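
Added example, not written by any poster in this thread: a replaced or filtered ps only changes what that one binary prints, while the per-process directories in /proc mentioned in the last reply stay in place, so comparing the two views shows whether ps is leaving processes out. The function names are hypothetical, and `ps -e -o pid=` assumes a procps-style ps.

```sh
#!/bin/sh
# Added example: compare the PIDs that ps reports with the kernel's own
# per-process directories in /proc. Function names are hypothetical.

# Numeric directory names under a proc-style root, sorted, one per line.
# A shell glob is used instead of ls, since ls could be replaced like ps.
proc_pids() {
    for d in "${1:-/proc}"/[0-9]*; do
        name=${d##*/}
        case $name in *[!0-9]*) continue ;; esac
        [ -d "$d" ] && printf '%s\n' "$name"
    done | sort -n
}

# PIDs as reported by a ps command (assumes procps-style "-e -o pid=").
ps_pids() {
    "${1:-ps}" -e -o pid= | tr -d ' ' | sort -n
}

# Lines of file $1 (kernel view) that are absent from file $2 (ps view).
missing_from_ps() {
    grep -vxF -f "$2" "$1" || true   # grep exits 1 when nothing is missing
}

# Live check: snapshot /proc first, then ps, then re-test /proc so that
# processes which merely exited between the two snapshots are not reported.
live_check() {
    tmp=$(mktemp -d) || return 1
    proc_pids /proc > "$tmp/kernel"
    ps_pids ps > "$tmp/ps"
    rc=0
    for pid in $(missing_from_ps "$tmp/kernel" "$tmp/ps"); do
        if [ -d "/proc/$pid" ]; then
            echo "PID $pid exists in /proc but is missing from ps output"
            rc=1
        fi
    done
    rm -rf "$tmp"
    return $rc
}

if [ "${1:-}" = "--live" ]; then live_check; fi
```

Run it with `--live` as root to check the running system. It only catches tampering with the ps binary itself; anything that changes what the kernel exposes under /proc is outside its reach.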