Automatically kill all processes that do not belong on your system

A client of mine asked me for a program that would destroy ‘illegal’ processes. After a brief search I found the existing apps too limited or not configurable, so I threw one together that learns for itself which processes are and are not allowed.

Simply run it like this:

./process.pl learn

first, then do everything that is normal on your computer/server, so the system can learn.

After that, press ctrl-c and rerun it as:

./process.pl check

That’s it!


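#!/usr/bin/perl
use strict;
use warnings;
use IO::Handle;    # provides autoflush for the learn log

# Mode is "learn" or "check"; default to "check" when no argument is given.
my $cmd = $ARGV[0] || "check";

# Command lines that are allowed to run.
my %allowproc = ();
my $log;

if ($cmd eq "check") {
    open(my $in, "<", "procs.log") or die "Cannot read procs.log: $!";
    while (<$in>) {
        chomp;
        $allowproc{$_} = 1;
    }
    close $in;
}

if ($cmd eq "learn") {
    open($log, ">", "procs.log") or die "Cannot write procs.log: $!";
    # Flush every line, so nothing is lost when learning is stopped with ctrl-c.
    $log->autoflush(1);
}

while (1) {
    my @procs = `ps auxwww`;
    foreach (@procs) {
        chomp;
        next if /^$/;
        next if /defunct/;
        next if /process\.pl/;
        # Field 2 is the PID; everything after field 10 is the command line.
        next unless /.*?\s+(.*?)\s+.*?\s+.*?\s+.*?\s+.*?\s+.*?\s+.*?\s+.*?\s+.*?\s+(.*)/;
        my ($pid, $command) = ($1, $2);
        # Skip the ps header line and anything else without a numeric PID.
        next unless $pid =~ /^\d+$/;
        if (!$allowproc{$command}) {
            if ($cmd eq "learn") {
                # New command line: remember it and append it to procs.log.
                $allowproc{$command} = 1;
                print $log $command . "\n";
            } else {
                # Not in the learned list: kill it.
                kill 9, $pid;
            }
        }
    }
    sleep 1;
}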
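
Before running check mode for real, it helps to see which processes it would kill. The following is an added example, not part of the original script: it applies the same exact-match comparison on the full command line to `ps auxwww` output and only reports the mismatches. The `would_kill` helper, the allowlist and the ps lines are constructed for illustration.

```perl
#!/usr/bin/perl
# Dry run for process.pl's check mode: report what would be killed, kill nothing.
use strict;
use warnings;

# Return [pid, user, command] for every ps line whose command is not allowed.
sub would_kill {
    my ($allow, @lines) = @_;
    my @hits;
    for my $line (@lines) {
        chomp $line;
        # Same line filters as process.pl.
        next if $line =~ /^$/ || $line =~ /defunct/ || $line =~ /process\.pl/;
        # ps aux prints 11 columns; the limit keeps the command's arguments whole.
        my @f = split ' ', $line, 11;
        next unless @f == 11 && $f[1] =~ /^\d+$/;    # header or short line
        my ($user, $pid, $command) = @f[0, 1, 10];
        push @hits, [$pid, $user, $command] unless $allow->{$command};
    }
    return @hits;
}

# Constructed sample data (not from a real host): an allowlist as learn mode
# would write it to procs.log, and a few lines in `ps auxwww` layout.
my %allow = map { $_ => 1 } ('/sbin/init', '/usr/sbin/sshd -D', 'ps auxwww');
my @sample = (
    'USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND',
    'root         1  0.0  0.1 167000 11000 ?        Ss   09:00   0:01 /sbin/init',
    'root       812  0.0  0.1  15000  9000 ?        Ss   09:00   0:00 /usr/sbin/sshd -D',
    # Same binary as an allowed entry, different arguments: still a mismatch.
    'root      5120  0.0  0.1  15000  9000 ?        Ss   10:30   0:00 /usr/sbin/sshd -D -p 2222',
    'www-data  2301  0.3  0.5 250000 42000 ?        S    09:05   0:02 /usr/sbin/apache2 -k start',
    'alice     4410  0.0  0.2  30000 18000 pts/0    S+   10:12   0:00 python3 -m http.server 8000',
);

for my $hit (would_kill(\%allow, @sample)) {
    printf "would kill pid %-6s user %-9s %s\n", @$hit;
}
```

To audit a live host, fill `%allow` from procs.log and pass the output of `ps auxwww` instead of the sample lines. Any service that legitimately starts with varying arguments will show up here and needs a longer learn run before check mode is enforced.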

