l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Page last updated:
2002 Jun 18 14:52

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Question about listing loaded modules by process...



In cases where there is possibility of a root via a rootkit and an LKM
with evil payload, there is a tool "chkrootkit" that tries to find LKMs
based on diffs in reported processes and real processes - but it can
produce false positives in cases where processes appear and disappear
between the times differences in listed processes are gathered from actual
processes. It is not 100% in what it tries to do, but makes some rather
good attempts and is much better than nothing when trying to track
something like this down.

http://www.chkrootkit.org/  and
http://www.chkrootkit.org/README

I'm not sure if this is what you are asking though...

could it be you just wanted lsmod? perhaps lsof?

Sorry, would need feedback to offer better answer. :-(

-ME

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
     Systems Department Operating Systems Analyst for the SSU Library

On Thu, 13 Jun 2002, R. Douglas Barbieri wrote:

> Date: Thu, 13 Jun 2002 00:32:32 -0700 (PDT)
> From: R. Douglas Barbieri <doug@dooglio.net>
> Reply-To: vox-tech@lists.lugod.org
> To: LUGOD vox-tech mailing list <vox-tech@lists.lugod.org>
> Subject: [vox-tech] Question about listing loaded modules by process...
> 
> Hello all,
> 
> I came across a command a while ago which allowed me to see which 
> processes had what modules loaded. I can't for the life of me remember 
> what it is! Anyone know?
> 
> Doug
> 
> -- 
> R. Douglas Barbieri
> doug@dooglio.net
> http://www.dooglio.net
> 
> "That government is best which governs the least, because its people
>    discipline themselves."
> 
> -- Thomas Jefferson
> 
> 
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
> 

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
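
The comparison described in the post above, as an added example that is not part of the original message and is not chkrootkit's own code: it collects the PIDs a `/proc` listing reports, probes the PID range directly, and re-checks every discrepancy so that processes appearing or disappearing mid-scan do not end up as false positives. The function names, the signal-0 probe, the thread-ID filter and the recheck count are assumptions made for this illustration.

```python
import os
import time

def listed_pids(proc_root="/proc"):
    """PIDs visible in a directory listing of /proc, the view ps-style tools rely on."""
    return {int(n) for n in os.listdir(proc_root) if n.isdigit()}

def is_thread_id(pid, proc_root="/proc"):
    """Non-leader thread IDs answer probes but are never listed in /proc; not a finding."""
    try:
        with open(f"{proc_root}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass
    return False

def pid_alive(pid):
    """Probe a PID with signal 0: nothing is delivered, only existence is checked."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but belongs to another user
    return not is_thread_id(pid)

def find_unlisted(list_fn, probe_fn, max_pid, rechecks=2, delay=0.05):
    """Return PIDs that answer probe_fn but stay absent from list_fn across rechecks."""
    listed = list_fn()
    suspects = {p for p in range(1, max_pid + 1) if p not in listed and probe_fn(p)}
    for _ in range(rechecks):
        if not suspects:
            break
        time.sleep(delay)  # let a process that just started show up in the listing
        listed = list_fn()
        # Drop PIDs that are now listed (started mid-scan) or no longer answer (exited).
        suspects = {p for p in suspects if p not in listed and probe_fn(p)}
    return suspects

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        pid_max = int(fh.read())
    for pid in sorted(find_unlisted(listed_pids, pid_alive, pid_max)):
        print(f"PID {pid} answers a probe but is not listed in /proc")
```

A PID that survives the rechecks is a lead to investigate from trusted media, not proof of a loaded LKM; both views come from the same running kernel.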


