Check-ps is a program that is designed to detect rootkit versions of ps that fail to tell you about selected processes. It currently requires /proc but other scanning methods can be implemented. The program will run in the background or one-shot mode. Check-ps has grown rather to better resist increasingly sophisticated attacks, generate more useful reports, and implement more detection methods. You are encouraged to check the signatures, available here.
b1c08424547c197563f6641aee28b0b9450246b337ba74064bd85a9711b9b8a1Check ps is a simple program that runs ps and compares it with its own list. It currently requires /proc but other scanning methods can be implemented. The program will run in the background or one-shot mode. Check-ps has grown rather to better resist increasingly sophisticated attacks, generate more useful reports, and implement more detection methods.
4637b14d6d2c1c46530c81a8b0005e0aea5fc61f51a174b202d2a364a383b485check-ps is a program that runs in the background, periodically executing the 'ps' program and checking its contents against the list of processes in a SysV-style /proc file system. Any processes that appear in /proc and do not appear in the information returned by 'ps' are logged and can even be killed. Any processes that appear in the output of 'ps' and not /proc are also reported (this might be done to give you the impression that syslogd is running when it is not, for example). Restriction: non-extant processes with non-fixed pids reported are not detected but easy for humans to detect.
a699079edf182adc80b45934e9e4120f4893c985ca4111d7ef4ce0fb778cc116
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed