VULHUB ™

RIAL is a lkm based rootkit which can hide processes, files, directories, LKMs, connections and file parts. While some of these are present in a large number of lkms, connections and file-parts hiding are new ideas, or at least i couldn't find any lkm which had them. All the processes, files, directories and lkms containing in their name the string defined in HIDE are hidden. Reading from /proc/net/tcp is intercepted and read data is filtered to hide some connections.

RIAL is a lkm based rootkit which can hide processes, files, directories, LKMs, connections and file parts. While some of these are present in a large number of lkms, connections and file-parts hiding are new ideas, or at least i couldn't find any lkm which had them. All the processes, files, directories and lkms containing in their name the string defined in HIDE are hidden. Reading from /proc/net/tcp is intercepted and read data is filtered to hide some connections.