All posts by Ala'a Ibrahim

My Name is Ala'a, I'm a Jordanian citizen, and I live there too. I'm a Senior Web Developer in a very known company,I have hobbies, other than coding :P , like most of the people, I'm a Bassist, which means I play Bass Guitar, also I admire walking, it's my ultimate hobby. If you want to know more about me you can take a look at my Blog.

checkPTS: A script to detect if someone is trying to hide his presence on the server

I added a new script to the repo “ala-scripts” called checkPTS. This script is to check if any logged in user tried to hide his status by removing his entry from utmp, so if you are online, and you type “w” to check for logged in users, you wouldn’t see him.

This method is used by a lot of hackers (I mean the ones that try to gain illegal access to your box) to hide there presence.

When this happens, the script issues a bunch of commands, and add some log files and send that to me by email (using mutt).

Please if anybody finds an issue in that file, please send me, either here or on github.