unhide - Forensic tool to find hidden processes and ports

Property Value
Distribution Debian 7 (Wheezy)
Repository Debian Main i386
Package name unhide
Package version 20110113
Package release 4
Package architecture i386
Package type deb
Installed size 1.13 KB
Download size 534.72 KB
Official Mirror ftp.br.debian.org

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.

unhide detects hidden processes using the following six techniques:
* Compare /proc vs /bin/ps output
* Compare info gathered from /bin/ps with info gathered by walking through the
* Compare info gathered from /bin/ps with info gathered from syscalls
  (syscall scanning).
* Full PID space occupation (PID brute-forcing)
* Reverse search, verifying that all threads seen by ps are also seen by the
  kernel (/bin/ps output vs /proc, procfs walking and syscall)
* Quick compare of /proc, procfs walking and syscall vs /bin/ps output

unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
/bin/netstat by brute forcing all available TCP/UDP ports.

This package can be used by rkhunter in its daily scans.


Package Version Architecture Repository
unhide_20110113-4_amd64.deb 20110113 amd64 Debian Main
unhide - - -


Type URL
Binary Package unhide_20110113-4_i386.deb
Source Package unhide

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install unhide deb package:
    # sudo apt-get install unhide



See Also

Package Description
unhtml_2.3.9-3_i386.deb Remove the markup tags from an HTML file
uni2ascii_4.18-2_i386.deb UTF-8 to 7-bit ASCII and vice versa converter
unicode-data_6.1.0-1_all.deb Property data for the Unicode character set
unicode-screensaver_0.4-1_i386.deb screensaver displaying unicode characters
unicode_0.9.5_all.deb display unicode character properties
unicon-imc2_3.0.4-13_i386.deb Chinese Input Method Library
uniconf-tools_4.6.1-5_i386.deb Tools to interface with UniConf
uniconfd_4.6.1-5_i386.deb Server that manages UniConf elements
unicorn_4.3.1-4_i386.deb Rack HTTP server for fast clients
unifdef_2.6-1_i386.deb Remove cpp '#ifdef' lines from files
unifont-bin_5.1.20080914-1.3_i386.deb utilities for manipulating the GNU Unifont
unifont_5.1.20080914-1.3_all.deb font with a glyph for each visible Unicode 5.1 Plane 0 character
unionfs-fuse_0.24-2.2_i386.deb Fuse implementation of unionfs
unison-all-gtk_2.40+1_all.deb file synchronization tool (all GTK+ versions)
unison-all_2.40+1_all.deb file synchronization tool (all console versions)