unhide detects hidden processes using three techniques:
* comparing the output of /proc and /bin/ps
* comparing the information gathered from /bin/ps with the one gathered from system calls (syscall scanning)
* full scan of the process ID space (PIDs bruteforcing)
unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.
This package can be used by rkhunter in its daily scans.
unhide for Debian
-----------------

These utilities are meant to be run as root; otherwise, they will miss certain things or report false positives.

False positives
---------------

Grsecurity kernels seem to reserve PIDs 300 to 499. They will be reported when using unhide's brute-forcing method.

Some applications can start listening on a port between the time that unhide gets the list of open more»
UNHIDE-TCP(8) UNHIDE-TCP(8)

NAME
    unhide-tcp — forensic tool to find hidden TCP/UDP ports

SYNOPSIS
    unhide-tcp

DESCRIPTION
    unhide-tcp is a forensic tool that identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.

SEE ALSO
    unhide (8 more»
UNHIDE(8) UNHIDE(8)

NAME
    unhide — forensic tool to find hidden processes

SYNOPSIS
    unhide-linux26 proc | sys | brute
    unhide-posix proc | sys

DESCRIPTION
    unhide is a forensic tool to find processes hidden by rootkits, Linux kernel modules or by other techniques. It detects hidden processes using more»
unhide (20080519-6) unstable; urgency=low

  * Setting uploaders to Christophe.

 -- Daniel Baumann more»
Author: Yago Jesus <firstname.lastname@example.org>
Download: http://www.security-projects.com/?Unhide more»