BrainFish Eat FishBrain

Ramblings of a techie

Automatically kill all processes that do not belong on your system

A client of mine asked me for a program which would destroy ‘illegal’ processes. After a brief search I found the existing apps too limited or not configurable, so I threw one together that learns itself which processes are and are not allowed.

Simply run it like;

./process.pl learn

first; just do all stuff on your computer/server that is normal, so the system can learn.

After that press ctrl-c and rerun as:

./process.pl check

That’s it!


#!/usr/bin/perl

$cmd = $ARGV[0]; 

if (!$cmd) {
 $cmd = "check"; 
}

%allowproc = (); 
if ($cmd eq "check") {
 open(F, "procs.log"); 
 while() {
  chomp;
  $allowproc{$_} = 1; 
 }
 close F; 
}

if ($cmd eq "learn") {
 open(F, ">procs.log"); 
}

while (1) {
 @procs = `ps auxwww`;
 foreach(@procs) {
  chomp; 
  /.*?s+(.*?)s+.*?s+.*?s+.*?s+.*?s+.*?s+.*?s+.*?s+.*?s+(.*)/;
  next if /^$/;
  next if /defunct/;
  next if /process.pl/;
  if (!$allowproc{$2}) {
   if ($cmd eq "learn") {
    $allowproc{$2} = 1;
    print F $2."n";
   } else {
    if (!$allowproc{$2}) {
     `kill -9 $1`;
    }
   }
  }
 }
 sleep 1;
}


Be the first to leave a comment. Don’t be shy.

Join the Discussion

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>