OpenVZ Forum



Members   Search      Help    Register    Login    Home
Home » General » Support » Hidden process for init (PID 1)?
Hidden process for init (PID 1)? [message #34219] Mon, 15 December 2008 04:05 Go to previous message
signal11 is currently offline signal11
Messages: 3
Registered: December 2008
Junior Member
 From: *hs.uni-hamburg.de
I'm trying to detect hidden processes within a container (no, you don't need a kernel module to hide a process.. trojan ps and top go a long way already).

I'm aware that OpenVZ already has a hidden process for every visible process in the container, and that there's an offset of 1024 in PID between hidden and visible processes, which allows to identify the legitimate hidden OpenVZ processes.

However, there remains one unaccounted hidden process (i.e. no visible process at hidden PID + 1024). On the other hand there's no obvious hidden process candidate for init (PID 1). Is it safe to presume that the unaccounted hidden process is the one corresponding to PID 1?

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic:samba: no entropy gathering module detected
Next Topic:Inconsistent free space after resizing ve
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Tue May 21 10:58:20 EDT 2013
Powered by FUDforum Powered by Parallels Virtuozzo Containers