Rootkit

A rootkit: a kernel module designed to intercept system calls to hide the subversive behaviors of another program.

Components:

sneaky_process.c: A program that modifies the /etc/passwd file and loads the sneaky_mod kernel module
sneaky_mod.c: A kernel module that intercepts system calls to hide the actions of the sneay_process program

Subversive actions:

Modifying the /etc/passwd file (tracks every registered user that has access to the system)
Intercepting ls, find, cat and lsmod system commands to hide the sneaky_mod module, the sneaky_process executable and an instance of a sneaky_process program

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
.tmp_versions		.tmp_versions
.sneaky_mod.ko.cmd		.sneaky_mod.ko.cmd
.sneaky_mod.mod.cmd		.sneaky_mod.mod.cmd
.sneaky_mod.mod.o.cmd		.sneaky_mod.mod.o.cmd
.sneaky_mod.o.cmd		.sneaky_mod.o.cmd
Makefile		Makefile
Module.symvers		Module.symvers
Project5.pdf		Project5.pdf
README.md		README.md
modules.order		modules.order
sneaky_mod.c		sneaky_mod.c
sneaky_mod.ko		sneaky_mod.ko
sneaky_mod.mod		sneaky_mod.mod
sneaky_mod.mod.c		sneaky_mod.mod.c
sneaky_mod.mod.o		sneaky_mod.mod.o
sneaky_mod.o		sneaky_mod.o
sneaky_process		sneaky_process
sneaky_process.c		sneaky_process.c

Provide feedback