unhide 20110113-3 source package in Ubuntu
Changelog
unhide (20110113-3) unstable; urgency=low

  * Make the package arch: linux-any as sysinfo system call is not available on kfreebsd
  * Drop some lintian overrides now that FTP Masters use lintian 2.5.0
  * Update DEP-5 uri
  * Update package description to state all 6 techniques used to detect hidden processes

 -- Ubuntu Archive Auto-Sync <email address hidden>  Mon, 07 Nov 2011 10:05:34 +0000
Upload details
- Uploaded by: Ubuntu Archive Auto-Sync
- Uploaded to: Precise
- Original maintainer: Debian Forensics
- Architectures: linux-any
- Section: admin
- Urgency: Low Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
unhide_20110113.orig.tar.gz | 34.1 KiB | f922ec7d366786556215b3a65a569110c04eaa696595c004a83ae9cc05744e74 |
unhide_20110113-3.debian.tar.gz | 4.9 KiB | a5068857be46983c911f827ffba66ab172d90357d1ccc58deb582e49c1e532bf |
unhide_20110113-3.dsc | 1.9 KiB | d7f5ad40ab45c51868061d1d9027ab07b0cd1b9be461f9ae9c9e662d8a82841a |
Available diffs
- diff from 20110113-2 to 20110113-3 (1.4 KiB)
Binary packages built by this source
- unhide: Forensic tool to find hidden processes and ports
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits, Linux kernel modules or by other techniques. It includes two utilities: unhide and unhide-tcp.

unhide detects hidden processes using the following six techniques:
* Compare /proc vs /bin/ps output
* Compare info gathered from /bin/ps with info gathered by walking through the procfs.
* Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
* Full PID space occupation (PID brute-forcing)
* Reverse search: verify that all threads seen by ps are also seen by the kernel (/bin/ps output vs /proc, procfs walking and syscall)
* Quick compare /proc, procfs walking and syscall vs /bin/ps output

unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat, by brute-forcing all available TCP/UDP ports.

This package can be used by rkhunter in its daily scans.
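As an added example, not code from the unhide package or its maintainers: a small Python script that implements three of the six cross-checks described above (procfs walking, syscall-based PID brute-forcing, and comparison against /bin/ps including the reverse search), plus the repeated-round filter a scanner needs so that short-lived processes are not reported as hidden. It assumes Linux with procfs and a procps `ps` that understands `-L` and the `lwp` column; the function names and the findings keys are my own.

```python
import os
import subprocess

# Added example (not unhide's own code): a minimal re-implementation of three of the
# cross-checks listed in the package description and the set differences that turn the
# resulting views into findings. Assumes Linux procfs and procps `ps -eL -o lwp=`; the
# kill(pid, 0) probe works on any POSIX system, the /proc walk returns an empty set elsewhere.


def pids_from_procfs(proc_root="/proc"):
    """IDs visible by walking procfs: every numeric /proc/<pid> plus /proc/<pid>/task/<tid>."""
    seen = set()
    try:
        entries = os.listdir(proc_root)
    except OSError:
        return seen  # no procfs here (non-Linux or restricted mount)
    for name in entries:
        if not name.isdigit():
            continue
        seen.add(int(name))
        try:
            for tid in os.listdir(os.path.join(proc_root, name, "task")):
                if tid.isdigit():
                    seen.add(int(tid))
        except OSError:
            pass  # the task exited between the two listdir calls
    return seen


def pid_max(default=32768):
    """Upper bound of the PID space; falls back to the classic default if unreadable."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return default


def pids_from_syscall_bruteforce(first=1, last=None):
    """Probe the whole PID space with kill(pid, 0), which asks the kernel directly.

    ESRCH (ProcessLookupError) means no such task; success or EPERM means it exists,
    whatever any user-space listing says. On Linux thread IDs answer too, which is why
    the procfs view also collects /proc/<pid>/task entries.
    """
    if last is None:
        last = pid_max()
    found = set()
    for pid in range(first, last + 1):  # PID 0 is skipped: kill(0, sig) targets our own group
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, just not ours
        found.add(pid)
    return found


def pids_from_ps():
    """Thread IDs as reported by procps: `ps -eL -o lwp=` prints every LWP, one per line."""
    out = subprocess.run(["ps", "-eL", "-o", "lwp="], capture_output=True, text=True, check=True)
    return {int(tok) for tok in out.stdout.split() if tok.isdigit()}


def compare_views(procfs, syscall, ps):
    """Turn the three views into findings (sorted lists of IDs).

    hidden_from_ps:     the kernel (procfs or syscall) knows the task, ps does not
    hidden_from_procfs: the syscall answers but the /proc entry is missing, i.e. the
                        directory listing of /proc is being filtered
    in_ps_only:         ps shows something the kernel does not (the reverse search)
    """
    kernel = procfs | syscall
    return {
        "hidden_from_ps": sorted(kernel - ps),
        "hidden_from_procfs": sorted(syscall - procfs),
        "in_ps_only": sorted(ps - kernel),
    }


def scan(rounds=3, last=None):
    """Run the comparison several times and keep only IDs flagged in every round.

    The views are taken at slightly different instants (the ps child itself is the
    obvious transient), so a short-lived task can appear in one view and not another;
    a genuinely hidden task is flagged on every pass.
    """
    persistent = None
    for _ in range(rounds):
        findings = compare_views(pids_from_procfs(), pids_from_syscall_bruteforce(last=last), pids_from_ps())
        flagged = {k: set(v) for k, v in findings.items()}
        persistent = flagged if persistent is None else {k: persistent[k] & flagged[k] for k in flagged}
    return {k: sorted(v) for k, v in persistent.items()}


def self_visible_to_syscall_probe():
    """Sanity check a scanner should always pass: our own PID must answer to kill(pid, 0)."""
    me = os.getpid()
    return me in pids_from_syscall_bruteforce(1, me)


if __name__ == "__main__":
    for finding, ids in scan().items():
        print(f"{finding}: {ids if ids else 'none'}")
```

A full pass over a modern pid_max (4194304) costs a few million kill() calls per round, so a few seconds in Python; unhide does the same work in C. Any ID that survives all rounds in `hidden_from_procfs` deserves a look at `/proc/<pid>/status` read by number rather than by listing, which is exactly the distinction between the "procfs walking" and "syscall scanning" techniques above.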