unhide 20130526-3 source package in Ubuntu

Changelog

unhide (20130526-3) unstable; urgency=medium

  * Team upload.
  * debian/rules: modified to initialize $(CC) properly. Thanks
    to Helmut Grohne <email address hidden>. (Closes: #847488)

 -- Joao Eriberto Mota Filho <email address hidden>  Sat, 15 Dec 2018 14:01:03 -0200

Upload details

Uploaded by: Debian Security Tools
Uploaded to: Sid
Original maintainer: Debian Security Tools
Architectures: any
Section: admin
Urgency: Medium Urgency


Downloads

File Size SHA-256 Checksum
unhide_20130526-3.dsc 1.8 KiB f88edc4cebe5513653673cf61622aaba121cdff8254a6cb52cb025b920dbb20e
unhide_20130526.orig.tar.gz 58.2 KiB 4ef970e0cc1366c19601fd5c98d90c7e7fb868f047115367b819ecfed7740b31
unhide_20130526-3.debian.tar.xz 6.5 KiB 8cf7bc1bcf5598f79269df71a4810187496e9f1a99bebf63dcb797baec5154d6

Available diffs

No changes file available.

Binary packages built by this source

unhide: Forensic tool to find hidden processes and ports

 Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
 rootkits, Linux kernel modules or by other techniques. It includes two
 utilities: unhide and unhide-tcp.

 unhide detects hidden processes using the following six techniques:
   * Compare /proc vs /bin/ps output
   * Compare info gathered from /bin/ps with info gathered by walking through
     the procfs.
   * Compare info gathered from /bin/ps with info gathered from syscalls
     (syscall scanning).
   * Full PIDs space occupation (PIDs bruteforcing)
   * Reverse search: verify that all threads seen by ps are also seen by the
     kernel (/bin/ps output vs /proc, procfs walking and syscall)
   * Quick compare of /proc, procfs walking and syscall vs /bin/ps output

 unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
 /bin/netstat, by brute forcing all available TCP/UDP ports.

 This package can be used by rkhunter in its daily scans.

 This package is useful for network security checks, in addition to forensic
 investigations.

unhide-dbgsym: debug symbols for unhide