A client of mine asked me for a program which would destroy ‘illegal’ processes. After a brief search I found the existing apps too limited or not configurable, so I threw one together that learns for itself which processes are and are not allowed.
Simply run it like this first:
./process.pl learn
Then just do all the stuff on your computer/server that is normal, so the system can learn.
After that press ctrl-c and rerun as:
./process.pl check
That’s it!
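#!/usr/bin/perl
use strict;
use warnings;

# Mode: "learn" records every command line seen; "check" (the default) kills unknown ones.
my $cmd = $ARGV[0];
if (!$cmd) {
    $cmd = "check";
}
# Any other word would otherwise run the kill loop with an empty allow list.
die "Usage: $0 [learn|check]\n" unless $cmd eq "learn" || $cmd eq "check";

my %allowproc = ();
if ($cmd eq "check") {
    # Load the command lines recorded by an earlier learn run.
    open(F, "<", "procs.log") or die "Cannot read procs.log: $!";
    while (<F>) {
        chomp;
        $allowproc{$_} = 1;
    }
    close F;
}
if ($cmd eq "learn") {
    open(F, ">", "procs.log") or die "Cannot write procs.log: $!";
    # Unbuffered, so nothing is lost when learn mode is stopped with ctrl-c.
    select((select(F), $| = 1)[0]);
}
while (1) {
    my @procs = `ps auxwww`;
    foreach (@procs) {
        chomp;
        next if /^$/;
        next if /defunct/;
        next if /process\.pl/;
        # $1 = PID (2nd column), $2 = command line (11th column to end of line).
        next unless /.*?\s+(.*?)\s+.*?\s+.*?\s+.*?\s+.*?\s+.*?\s+.*?\s+.*?\s+.*?\s+(.*)/;
        my ($pid, $command) = ($1, $2);
        next unless $pid =~ /^\d+$/;    # skips the ps header row
        if (!$allowproc{$command}) {
            if ($cmd eq "learn") {
                $allowproc{$command} = 1;
                print F $command . "\n";
            } else {
                # Perl's built-in kill, so the PID never passes through a shell.
                kill 'KILL', $pid;
            }
        }
    }
    sleep 1;
}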
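
An added example, not part of the original script: a dry run of the same learn/check decision over constructed `ps auxwww` lines, reporting what check mode would kill instead of killing it. It shows why the learn phase has to cover everything that is normal, logins included: the allow-list key is the full command line, so a session process that was not seen during learning is treated like any other unknown process. The helper names (parse_ps_line, learn, violations) and the sample lines are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example: dry run of the learn/check decision on constructed ps lines.
use strict;
use warnings;

# Split one `ps auxwww` line into (pid, command); empty list for skipped lines.
sub parse_ps_line {
    my ($line) = @_;
    chomp $line;
    # Columns: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND...
    my @f = split ' ', $line, 11;
    return () unless @f == 11 && $f[1] =~ /^\d+$/;    # header, short lines
    return () if $f[10] =~ /defunct|process\.pl/;
    return ($f[1], $f[10]);
}

# Learn mode: every command line seen becomes an allow-list key.
sub learn {
    my %allow;
    for my $line (@_) {
        my ($pid, $command) = parse_ps_line($line) or next;
        $allow{$command} = 1;
    }
    return \%allow;
}

# Check mode, without the kill: [pid, command] pairs that are not allowed.
sub violations {
    my ($allow, @lines) = @_;
    my @bad;
    for my $line (@lines) {
        my ($pid, $command) = parse_ps_line($line) or next;
        push @bad, [$pid, $command] unless $allow->{$command};
    }
    return @bad;
}

# Constructed sample data, not captured from a real system.
my $head   = "USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND";
my @before = ($head,
    "root     1 0.0 0.1 168000 11000 ?     Ss 09:00 0:01 /sbin/init",
    "root   812 0.0 0.2  15000  9000 ?     Ss 09:00 0:00 /usr/sbin/sshd -D");
my @after  = (@before,
    "root  2290 0.0 0.2  17000  9500 ?     Ss 10:12 0:00 sshd: alice [priv]",
    "alice 2301 0.0 0.1   9000  5000 pts/0 Ss 10:12 0:00 -bash",
    "www   2410 0.3 0.1   7000  3000 ?     S  10:20 0:00 /tmp/job --fast");

printf "would kill %5d  %s\n", @$_ for violations(learn(@before), @after);
```

With this sample the SSH session process and the login shell are reported alongside the unknown job, because none of the three command lines appeared while learning.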