Almost all public Linux kernel rootkits hide processes through the /proc VFS, so that the hidden processes disappear from the output of ps, top, etc. Others use the trick of changing the evil process's PID to 0 (but the exit call will then panic the kernel).
Compilation
- The python script requires python3 and psutil.
- The kernel module just needs the kernel headers.
make