Script to kill suspicious processes
I wrote a little script a while ago that might be of interest. It basically kills all processes on a server that don't match the criteria for allowed processes. You can whitelist based on username, process name and uid range. Processes are given a few minutes' grace time so that short-lived ones (like ls, mkdir, etc.) don't get killed.
The idea is that this will stop users from running their own daemons, as well as stop lame PHP exploits that slip through mod_security (that I hope you're all using nowadays!) from being able to spread (much). You need to be running suphp or suexec or similar that breaks those processes away from Apache though.
If anybody wants to take a look at it, I'll make it look a little nicer and post a URL.
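A dry-run sketch of the selection logic described in the post, added here as an example; it is not the poster's script. The whitelist values, the 300-second grace period, the "any one criterion allows the process" rule and the sample process table are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    pid: int
    uid: int
    user: str
    name: str
    start: float  # process start time, seconds since epoch

# Hypothetical policy values; the post names the criteria but not its settings.
ALLOWED_USERS = {"root", "mysql", "postfix"}
ALLOWED_NAMES = {"sshd", "httpd", "php-cgi", "bash"}
ALLOWED_UID_RANGE = range(0, 500)   # system accounts
GRACE_SECONDS = 300                 # "a few minutes" of grace time

def is_allowed(p: Proc) -> bool:
    """Assumed rule: a process passes if any one whitelist criterion matches."""
    return (p.user in ALLOWED_USERS
            or p.name in ALLOWED_NAMES
            or p.uid in ALLOWED_UID_RANGE)

def select_for_kill(procs, now):
    """Processes matching no whitelist entry that have outlived the grace period."""
    return [p for p in procs
            if not is_allowed(p) and now - p.start >= GRACE_SECONDS]

# Constructed process table (not real data); NOW is a fixed reference time.
NOW = 1_000_000.0
SAMPLE = [
    Proc(1, 0, "root", "init", NOW - 90000),           # allowed by user and uid
    Proc(812, 27, "mysql", "mysqld", NOW - 80000),     # allowed by user
    Proc(4001, 1004, "alice", "php-cgi", NOW - 20),    # allowed by name
    Proc(4100, 1004, "alice", "ls", NOW - 2),          # not listed, within grace
    Proc(4200, 1007, "bob", "userdaemon", NOW - 7200), # user-run daemon
    Proc(4300, 1004, "alice", "perl", NOW - 900),      # long-running script
]

if __name__ == "__main__":
    for p in select_for_kill(SAMPLE, NOW):
        # Dry run: report only. A live version would signal the pid here.
        print(f"would kill pid={p.pid} user={p.user} name={p.name}")
```

Name-based entries are the weakest of the three criteria, since a process name is chosen by whoever starts the process.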