- Name: unhide
- Version: 20110113
- Release: 1.mga1
- Epoch:
- Group: System/Configuration/Other
- License: GPLv3+
- Url: http://www.unhide-forensics.info/
- Summary: Tool to find hidden processes and TCP/UDP ports from rootkits
- Architecture: x86_64
- Size: 36908
- Distribution: Mageia
- Vendor: Mageia.Org
- Packager: Mageia Team <http://www.mageia.org>
Description:
Unhide is a forensic tool that finds processes and TCP/UDP ports hidden by
rootkits, LKMs or other hiding techniques. It includes two utilities: unhide
and unhide-tcp.
Unhide detects hidden processes using six techniques:
- Compare /proc with /bin/ps output.
- Compare info gathered from /bin/ps with info gathered by walking through
the procfs.
- Compare info gathered from /bin/ps with info gathered from syscalls
(syscall scanning).
- Full PID space occupation (PID bruteforcing).
- Reverse search: verify that all threads seen by ps are also seen by
the kernel (/bin/ps output vs /proc, procfs walking and syscalls).
- Quick compare of /proc, procfs walking and syscalls vs /bin/ps output.
Unhide-tcp identifies TCP/UDP ports that are listening but are not listed
by /bin/netstat, by brute forcing all available TCP/UDP ports.
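The following is an added illustration, not code from the unhide project: a small Linux-only Python implementation of three of the techniques listed above (the /proc vs /bin/ps comparison, PID-space bruteforcing with kill(pid, 0), and the reverse search). Function names, the double sampling of /proc around the ps call, and the confirmation pass are our own design choices; they exist to keep processes that start or exit during the comparison window from being reported as hidden.

```python
import os
import subprocess
import sys

# Added example (not unhide's own code): /proc-vs-ps comparison, PID
# bruteforce and reverse check, implemented for Linux. Names are our own.


def parse_ps_pids(ps_output):
    """Parse the PID column of `ps -eo pid` output into a set of ints.
    Tolerates a header line and blank lines so raw output can be fed in."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}


def pids_from_procfs():
    """Kernel's view: every numeric directory under /proc is a live process."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_from_ps():
    """Userland view: what /bin/ps reports. Also returns the PID of the ps
    process itself, which exists only during the call and must be discounted."""
    proc = subprocess.Popen(["ps", "-eo", "pid="], stdout=subprocess.PIPE, text=True)
    out, _ = proc.communicate()
    return parse_ps_pids(out), proc.pid


def pid_exists(pid):
    """kill(pid, 0) delivers no signal but reports whether the PID exists:
    ESRCH (ProcessLookupError) means absent; EPERM (PermissionError) means it
    exists but belongs to another user, which still proves existence."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def pids_by_bruteforce(max_pid=None):
    """PID-space bruteforce: probe every PID from 1 to pid_max."""
    if not sys.platform.startswith("linux"):
        raise RuntimeError("this check relies on Linux kill(2) semantics")
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read().strip())
    return {pid for pid in range(1, max_pid + 1) if pid_exists(pid)}


def hidden_pids(kernel_view, ps_view, ignore=()):
    """PIDs the kernel knows about but ps does not list (the rootkit signature)."""
    return sorted((set(kernel_view) - set(ps_view)) - set(ignore))


def reverse_check(kernel_view, ps_view, ignore=()):
    """Reverse search: PIDs ps claims exist that the kernel does not know
    about (a tampered ps binary or fabricated output)."""
    return sorted((set(ps_view) - set(kernel_view)) - set(ignore))


def confirm_hidden(candidates):
    """Re-test each candidate against a fresh ps run, dropping processes that
    merely started or exited during the first comparison window."""
    fresh, _ = pids_from_ps()
    return sorted(pid for pid in candidates if pid_exists(pid) and pid not in fresh)


def scan():
    """Full comparison. /proc is sampled before and after the ps call so only
    processes alive for the whole window are compared against ps output."""
    before = pids_from_procfs()
    ps_view, ps_pid = pids_from_ps()
    after = pids_from_procfs()
    brute = pids_by_bruteforce()            # catches PIDs hidden from readdir
    ignore = {ps_pid, os.getpid()}
    kernel_stable = (before & after) | brute
    return {
        "hidden": confirm_hidden(hidden_pids(kernel_stable, ps_view, ignore)),
        "fake": reverse_check(before | after | brute, ps_view, ignore),
    }


def self_check():
    """Sanity check: the bruteforce must at least find our own process."""
    return os.getpid() in pids_by_bruteforce(max_pid=os.getpid())


if __name__ == "__main__":
    result = scan()
    print("hidden from ps:", result["hidden"] or "none")
    print("reported by ps but unknown to kernel:", result["fake"] or "none")
```

Run it as root to avoid EPERM noise being the only evidence for foreign PIDs; a non-empty "hidden" list on a clean host usually points to a race with a short-lived process rather than a rootkit, which is why the confirmation pass re-runs ps before reporting. The bruteforce loop walks the whole pid_max range (several million PIDs on current kernels), so expect it to take a few seconds.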
- BuildArch:
- ExcludeArch:
- ExclusiveArch:
- Cookie: ecosse 1297195459
- Buildhost: ecosse