LinuxQuestions.org


kwhill00 06-01-2007 07:53 AM

Key Logger sniffer
 
Hello All,

I was wondering, is there a program I can use to see if there is a key logger program installed? I know it is on my machine, but it does not show up in the services. Does anybody know of a way to see what it is? Thanks for your help.

digitalnerds 06-01-2007 08:21 AM

Would you mind playing a bit with lsof to see what's opened on your system and what files are being used?

Code:

man lsof

A good start would be to just type 'lsof' and put the command output into a file for later examination.

Code:

lsof > openfiles.txt

lsof will show the command name, pid, the user it is running as, and several other pieces of information alongside the names of the files a process is accessing while running. Play with it, it's a nifty tool.

Regards
Andy
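
One way to examine the lsof output suggested above, as an added example that is not part of the original post: it filters lsof's machine-readable (-F) output for processes holding input device nodes open. It assumes input devices live under /dev/input/ and that the logger is a userspace process; the function names and the sample data are constructed for illustration, and a kernel-level logger would not appear in lsof output at all.

```shell
#!/bin/sh
# Added example: list processes that hold input device nodes open,
# based on the field output of `lsof -F pcLn`
# (p = pid, c = command, L = login name, f = file descriptor, n = file name).

# Reads `lsof -F pcLn` output on stdin and prints "PID COMMAND USER PATH"
# for every open file under /dev/input/ (assumed location of input devices).
input_device_readers() {
    awk '
        /^p/ { pid = substr($0, 2); cmd = "?"; user = "?"; next }  # start of a new process
        /^c/ { cmd  = substr($0, 2); next }
        /^L/ { user = substr($0, 2); next }
        /^n\/dev\/input\// { print pid, cmd, user, substr($0, 2) }
    '
}

# Constructed sample of `lsof -F pcLn` output (not taken from a real system).
sample_lsof_output() {
    cat <<'EOF'
p812
cXorg
Lroot
f10
n/dev/input/event0
f11
n/dev/tty7
p2290
cbash
Lalice
fcwd
n/home/alice
p3051
cupdate-helper
Lalice
f3
n/dev/input/event0
f4
n/home/alice/.cache/.k.log
EOF
}

# Live use (run as root so every process's files are visible):
#   lsof -F pcLn 2>/dev/null | input_device_readers
if [ "${1:-}" = "--demo" ]; then
    sample_lsof_output | input_device_readers
fi
```

Anything listed that is not the X server or another program you expect to read the keyboard is worth a closer look at its other open files in openfiles.txt.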

unixfool 06-01-2007 08:31 AM

Quote:

Originally Posted by kwhill00
Hello All,

I was wondering, is there a program I can use to see if there is a key logger program installed? I know it is on my machine, but it does not show up in the services. Does anybody know of a way to see what it is? Thanks for your help.

Perhaps it is masquerading as a legitimate service? That is most likely the case... you won't see 'keylogger' showing in a process list, for example.

unSpawn 06-08-2007 02:47 AM

Keyloggers need to run stealthily and access hardware, so under GNU/Linux they shouldn't be userspace apps (unprivileged aka ring 3 mode) but LKMs (kernel aka ring 0). It shouldn't be hard to find tools to interrogate and/or verify kernel and module integrity. Booting a Live CD and running the tools from there is your best option since this will boot a (presumably) untainted kernel.

msantinho 06-08-2007 03:42 AM

Quote:

I know it is on my machine
How do you know that? What is the evidence of that? Someone told you? Someone showed it to you?

