| Package name | unhide |
| Description | Forensic tool to find hidden processes and ports |
| Archive/Repository | Official Debian archive squeeze (main) |
| Version | 20100201-1 |
| Section | admin |
| Priority | extra |
| Installed size | 1668 bytes |
| Depends on | |
| Recommended packages | |
| Package maintainer | Debian Forensics |
| Source | |
| Package size | 769998 bytes |
| MD5 checksum | 1caf15d8b5831ecd94e0d366d83eb8af |
| SHA1 checksum | 8ff43679a65a0f5d1dfbb09a7d70880fa1f1deef |
| SHA256 checksum | 2566078dd59e4228d27cfb769be341bea5fb00bfe2f3430b636aa571d402e410 |
| Download link | unhide_20100201-1_i386.deb |
| Detailed description | Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
.
unhide detects hidden processes using three techniques:
* comparing the output of /proc and /bin/ps
* comparing the information gathered from /bin/ps with the one gathered from
system calls (syscall scanning)
* full scan of the process ID space (PIDs bruteforcing)
.
unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
/bin/netstat through brute forcing of all TCP/UDP ports available.
.
This package can be used by rkhunter in its daily scans.
|