OpenVZ Forum: Support » "hidden processes" in OpenVZ

Home » General » Support » "hidden processes" in OpenVZ

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: "hidden processes" in OpenVZ [message #23610 is a reply to message #23608]

Wed, 21 November 2007 06:01

vaverin
Messages: 708
Registered: September 2005

Senior Member

I would note that you cannot make process "hidden" from userspace. It can be done from kernel-space only, i.e. by using loadable kernel modules.
However nobody inside VE have such permissions, nobody is able to load any kernel modules from inside VE, only HW-node admin is able to do it.

Therefore "hidden" proccesses detected inside VE is not mean that your VE has been hacked. All that yo can do is just report to HW-node admin and he can check your "hidden" pids.

However you can make some checks inside VE too. Usually "virtual" pids visible inside VE = "system" Pid + 1024 (i.e bit 10 is used to mark pid as Virtual). Therefore if you found "hidden" pid with this number, it makes sense to search according "virtual" pid inside VE.

Of course we'll make "system" pids to be more "invisible" inside VE -- to prevent chkrootkit's false alerts.

Thank you,
Vasily Averin

Report message to a moderator

[Message index]

		"hidden processes" in OpenVZ By: floogy on Sun, 18 November 2007 14:11
		Re: "hidden processes" in OpenVZ By: vaverin on Tue, 20 November 2007 10:43
		Re: "hidden processes" in OpenVZ By: floogy on Tue, 20 November 2007 12:59
		Re: "hidden processes" in OpenVZ By: vaverin on Tue, 20 November 2007 13:56
		Re: "hidden processes" in OpenVZ By: floogy on Tue, 20 November 2007 14:03
		Re: "hidden processes" in OpenVZ By: vaverin on Tue, 20 November 2007 14:17
		Re: "hidden processes" in OpenVZ By: floogy on Tue, 20 November 2007 14:24
		Re: "hidden processes" in OpenVZ By: floogy on Tue, 20 November 2007 21:11
		Re: "hidden processes" in OpenVZ By: vaverin on Wed, 21 November 2007 05:18
		Re: "hidden processes" in OpenVZ By: vaverin on Wed, 21 November 2007 06:01
		Re: "hidden processes" in OpenVZ By: vaverin on Wed, 21 November 2007 06:50
		Re: "hidden processes" in OpenVZ By: floogy on Wed, 21 November 2007 10:22
		Re: "hidden processes" in OpenVZ By: vaverin on Wed, 21 November 2007 12:53
		Re: "hidden processes" in OpenVZ By: dev on Thu, 06 March 2008 20:48
		Re: "hidden processes" in OpenVZ By: sara3 on Fri, 07 March 2008 12:26
		Re: "hidden processes" in OpenVZ By: dev on Fri, 07 March 2008 13:16

Previous Topic:	Quota on syscall for File exists
Next Topic:	New Kernel 2.6.24 out

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Mon Oct 27 01:46:07 GMT 2025

Total time taken to generate the page: 0.10693 seconds