Awesome-Mirrors/awesome-linux-rootkits
1
0
Fork 0
mirror of https://github.com/milabs/awesome-linux-rootkits.git synced 2024-10-01 06:35:44 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Ilya V. Matveychikov 2018-07-02 14:00:37 +04:00 committed by GitHub
parent dbf212aeaf
commit e9f7719c49
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -65,6 +65,7 @@ Additional functions:
| Environment | 2.6.x/3.x/4.x (x86) | `sys_call_table` search method is x86-only |
| Persistency | /etc/modules or /etc/rc.modules | boot-time module loading |
| Management interface | `kill(2)` | `sys_call_table[__NR_kill]` |
| Detection evasion | Hiding | Hide own files, unlinks module from `module_list`, tamper file content |
| Hiding of files and directories | Filtering of direcroty entries | `sys_call_table[__NR_getdents]` `sys_call_table[__NR_getdents64]` |
| Hiding of processes and process trees | Filtering of `/proc` | Filtering `getdents` while listing `/proc`. Hidden tasks are marked using `task->flags` (0x10000000). Not able to hide all threads and children of parent process. |