snprintf(dir, OS_SIZE_1024, "%d", pid);
if(isfile_ondir(dir, "/proc"))
{
snprintf(dir, OS_SIZE_1024, "%d", pid);
if(isfile_ondir(dir, "/proc"))
{
snprintf(dir, OS_SIZE_1024, "/proc/%d", pid);
if(chdir(dir) == 0)
{
snprintf(dir, OS_SIZE_1024, "/proc/%d", pid);
if(chdir(dir) == 0)
{
snprintf(proc_dir, OS_SIZE_1024, "%s/%d", "/proc", pid);
snprintf(proc_dir, OS_SIZE_1024, "%s/%d", "/proc", pid);
- snprintf(command, OS_SIZE_1024, "%s -p %d > /dev/null 2>&1",
- ps,
+ snprintf(command, OS_SIZE_1024, "%s -p %d > /dev/null 2>&1",
+ ps,
/* If our kill or getsid system call, got the
* PID , but ps didn't, we need to find if it was a problem
* with a PID being deleted (not used anymore)
/* If our kill or getsid system call, got the
* PID , but ps didn't, we need to find if it was a problem
* with a PID being deleted (not used anymore)
/* If it matches, process was terminated */
if(!_gsid1 &&!_kill1 &&!_gpid1 &&!_proc_stat &&
!_proc_read &&!_proc_chdir)
/* If it matches, process was terminated */
if(!_gsid1 &&!_kill1 &&!_gpid1 &&!_proc_stat &&
!_proc_read &&!_proc_chdir)
snprintf(op_msg, OS_SIZE_1024, "Process '%d' hidden from "
"ps. Possible trojaned version installed.",
(int)i);
snprintf(op_msg, OS_SIZE_1024, "Process '%d' hidden from "
"ps. Possible trojaned version installed.",
(int)i);
/* Checking where ps is */
memset(ps, '\0', OS_SIZE_1024 +1);
strncpy(ps, "/bin/ps", OS_SIZE_1024);
/* Checking where ps is */
memset(ps, '\0', OS_SIZE_1024 +1);
strncpy(ps, "/bin/ps", OS_SIZE_1024);
loop_all_pids(ps, max_pid, &_errors, &_total);
if(_errors == 0)
loop_all_pids(ps, max_pid, &_errors, &_total);
if(_errors == 0)
"Analyzed %d processes.", ps, _total);
notify_rk(ALERT_OK, op_msg);
}
"Analyzed %d processes.", ps, _total);
notify_rk(ALERT_OK, op_msg);
}