Awesome-Mirrors/awesome-linux-rootkits
1
0
Fork 0
mirror of https://github.com/milabs/awesome-linux-rootkits.git synced 2024-10-01 06:35:44 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Ilya V. Matveychikov 2018-07-02 13:54:20 +04:00 committed by GitHub
parent e338336d3e
commit 19eacd9b75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -60,6 +60,14 @@ Additional functions:
Reptile is a LKM rootkit written for evil purposes that runs on Linux kernel 2.6.x/3.x/4.x
| Feature | Description | Implementation Details |
| --- | --- | --- |
| Environment | 2.6.x/3.x/4.x (x86) | `sys_call_table` search method is x86-only |
| Persistency | /etc/modules or /etc/rc.modules | boot-time module loading |
| Management interface | `kill(2)` | `sys_call_table[__NR_kill]` |
| Hiding of files and directories | Filtering of direcroty entries | `sys_call_table[__NR_getdents]` `sys_call_table[__NR_getdents64]` |
| Hiding of processes and process trees | Filtering of `/proc` | Filtering `getdents` while listing `/proc`. Hidden tasks are marked using `task->flags` (0x10000000). Not able to hide all threads and childs of parent process. |
- https://github.com/QuokkaLight/rkduck
rkduck - Rootkit for Linux v4