invisible process

Thierry ITTY thierry.itty at besancon.org
Mon May 16 18:41:42 UTC 2005


At 08:27 16/05/2005 -0700, you wrote:
>I don't know how likely this explanation is, given the exposure this box has
>seen, but the KIS (Kernel Intrusion System) that was released by Optyx a
>few Defcons ago can mask processes from the kernel.
>
>http://www.linux.cu/pipermail/linux-l/2001-July/026017.html

I'll check this just to be sure, but yes, it's very unlikely:
1) the kernel is compiled with no modules support
2) the kernel is compiled on another "clean" machine and just scp'ed to the
gateway machine
3) the gateway works normally with another kernel (I think /sbin/init is
not infected)
4) the load is quite low, my main goal was to have a silent machine (hda
rarely spins up)

Thanks anyway




