detect-running-alg-socket

live

Detect processes using AF_ALG sockets in Linux.

web•May 2, 2026

SecurityDevOps

What It Does

Details

This tool detects running processes that utilize the AF_ALG socket interface to help determine if it is safe to disable the AF_ALG kernel module. It outputs a list of processes and their file descriptors associated with AF_ALG.

Who It's For

Best fit users

•Linux system administrators
•Security professionals

Why It Matters

Why this one made the cut

AF_ALG sockets can be exploited for arbitrary page writes, making this tool crucial for identifying potential security risks before taking actions that could destabilize a system.

Differentiator

What makes it different

Offers an easy-to-use command-line interface to quickly assess the state of AF_ALG usage on Linux systems.

Sources

Where we found it

Sources

GLOBAL · Hacker NewsEN— May 2, 2026Visit →

First discovered May 2, 2026 · Hacker News