Results 1 to 4 of 4
  1. #1
    Join Date
    Jun 2004
    Location
    Los Angeles
    Posts
    87

    perl - ppid info

    I've been noticing a lot of malicous processes and scripts on my system that are changing $ARGV[0] (or the C equivalent) to hide themselves in 'ps' output, disguised as one of my many apache processes.

    This is a royal pain in the a$$.

    My question is:
    How would I query a specific process about it's ppid? hopefully without relying on external binaries?

    Thanks in advance.

  2. #2
    Join Date
    Jun 2004
    Location
    Los Angeles
    Posts
    87
    hmm.. come to think of it this might be a bit better within the tech/security forum...

  3. #3
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    144

    Re: perl - ppid info

    Originally posted by ninja_byte
    I've been noticing a lot of malicous processes and scripts on my system that are changing $ARGV[0] (or the C equivalent) to hide themselves in 'ps' output, disguised as one of my many apache processes.

    This is a royal pain in the a$$.

    My question is:
    How would I query a specific process about it's ppid? hopefully without relying on external binaries?

    Thanks in advance.

    Give 'ps auxf' a try. This will show the ASCII-art process hierarchy.

    For example:
    Code:
    root      3478  0.0  0.3  4328 1988 ?        Ss   Jun21   0:00 /usr/local/httpd/bin/httpd
    nobody    3495  0.0  0.4  4436 2096 ?        S    Jun21   0:00  \_ /usr/local/httpd/bin/httpd
    nobody    3496  0.0  0.4  4436 2096 ?        S    Jun21   0:00  \_ /usr/local/httpd/bin/httpd
    nobody    3497  0.0  0.4  4436 2096 ?        S    Jun21   0:00  \_ /usr/local/httpd/bin/httpd
    nobody    3498  0.0  0.4  4436 2096 ?        S    Jun21   0:00  \_ /usr/local/httpd/bin/httpd
    nobody    3499  0.0  0.4  4436 2096 ?        S    Jun21   0:00  \_ /usr/local/httpd/bin/httpd
    if($php !== $javascript){
    echo "Good it's not supposed to be";
    }

  4. #4
    Join Date
    Jun 2004
    Location
    Los Angeles
    Posts
    87
    hmm ill give that a try.. thanks!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •