LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-01-2007, 07:53 AM   #1
kwhill00
LQ Newbie
 
Registered: May 2007
Posts: 1

Rep: Reputation: 0
Key Logger sniffer


Hello All,

I was wondering is there a program that I can see if there is a key logger program installed. I know it is on my machine but it does not show up in the services. Does anybody know of a way to see what it is. Thanks for your help.
 
Old 06-01-2007, 08:21 AM   #2
digitalnerds
Member
 
Registered: May 2007
Distribution: Debian
Posts: 103

Rep: Reputation: 15
Would you mind playing a bit with lsof and see what's opened on your system and what files are being used ?
Code:
man lsof
A good start would be to just type 'lsof' and put the command output into a file for later examination

Code:
lsof > openfiles.txt
lsof will show up the command name, pid, user running as, and several other infos alongside the file names a process is accessing while running. Play with it, it's a nifty tool

Regards
Andy
 
Old 06-01-2007, 08:31 AM   #3
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158Reputation: 158
Quote:
Originally Posted by kwhill00
Hello All,

I was wondering is there a program that I can see if there is a key logger program installed. I know it is on my machine but it does not show up in the services. Does anybody know of a way to see what it is. Thanks for your help.
Perhaps it is masquarading as a legitimate service? That is most likely the case...you won't see 'keylogger' showing in a process list, for example.
 
Old 06-08-2007, 02:47 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Keyloggers need to run stealthily and access hardware, so under GNU/Linux that shouldn't be userspace apps (unprivileged aka ring 3 mode) but LKM's (kernel aka ring 0). Shouldn't be hard to find tools to interrogate and/or verify kernel and module integrity. Booting a Live CD and running the tools from there is your best option since this will boot a (presumably) untainted kernel.
 
Old 06-08-2007, 03:42 AM   #5
msantinho
Member
 
Registered: Oct 2005
Location: Lisbon
Distribution: Slackware
Posts: 57

Rep: Reputation: 18
Quote:
I know it is on my machine
How do you know that? what are the evidences of that? Someone told you? someone showed it to you?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Caution: Key Logger in my Computer Israfel2000 General 22 03-08-2007 05:22 PM
Looking for a shell logger CroMagnon Linux - Software 1 09-13-2004 09:40 PM
Best File Manager & key logger psychoholic Linux - Software 5 04-18-2003 12:00 PM
Key Stroke Logger MrTheGeek Linux - Security 1 02-03-2002 01:05 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration