OpenVZ Forum: Support » Hidden process for init (PID 1)?

Home » General » Support » Hidden process for init (PID 1)?

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Hidden process for init (PID 1)? [message #34219]

Mon, 15 December 2008 09:05

signal11
Messages: 3
Registered: December 2008

Junior Member

I'm trying to detect hidden processes within a container (no, you don't need a kernel module to hide a process.. trojan ps and top go a long way already).

I'm aware that OpenVZ already has a hidden process for every visible process in the container, and that there's an offset of 1024 in PID between hidden and visible processes, which allows to identify the legitimate hidden OpenVZ processes.

However, there remains one unaccounted hidden process (i.e. no visible process at hidden PID + 1024). On the other hand there's no obvious hidden process candidate for init (PID 1). Is it safe to presume that the unaccounted hidden process is the one corresponding to PID 1?

Report message to a moderator

[Message index]

		Hidden process for init (PID 1)? By: signal11 on Mon, 15 December 2008 09:05
		Re: Hidden process for init (PID 1)? By: maratrus on Mon, 15 December 2008 11:39
		Re: Hidden process for init (PID 1)? By: signal11 on Mon, 15 December 2008 11:55
		Re: Hidden process for init (PID 1)? By: maratrus on Mon, 15 December 2008 16:22
		Re: Hidden process for init (PID 1)? By: signal11 on Wed, 17 December 2008 09:36
		Re: Hidden process for init (PID 1)? By: khorenko on Wed, 17 December 2008 12:24

Previous Topic:	samba: no entropy gathering module detected
Next Topic:	Inconsistent free space after resizing ve

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Fri May 03 23:58:56 GMT 2024

Total time taken to generate the page: 0.01655 seconds