- Name: unhide
- Version: 20110113
- Release: 1.mga1
- Epoch:
- Group: System/Configuration/Other
- License: GPLv3+
- Url: http://www.unhide-forensics.info/
- Summary: Tool to find hidden processes and TCP/UDP ports from rootkits
- Architecture: i586
- Size: 50296
- Distribution: Mageia
- Vendor: Mageia.Org
- Packager: Mageia Team <http://www.mageia.org>
Description:
Unhide is a forensic tool that finds processes and TCP/UDP ports hidden by
rootkits, malicious LKMs or other hiding techniques. It includes two
utilities: unhide and unhide-tcp.
Unhide detects hidden processes using six techniques:
- Compare /proc against /bin/ps output.
- Compare the information gathered by /bin/ps with the information gathered
  by walking procfs.
- Compare the information gathered by /bin/ps with the information gathered
  from syscalls (syscall scanning).
- Full occupation of the PID space (PID bruteforcing).
- Reverse search: verify that every thread seen by ps is also seen by the
  kernel (/bin/ps output vs /proc, procfs walking and syscalls).
- Quick comparison of /proc, procfs walking and syscalls against /bin/ps
  output.
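The following is an added example, not unhide's own code: it reimplements the procfs walk, the syscall scan and the ps comparison from the list above in Python, so the cross-checks can be read in one place. The scan is probe-only (kill/getpgid/getsid against every id up to pid_max); unhide's real PID bruteforce also forks to occupy PIDs. The `ps -eLo lwp=` invocation (threads included, as the reverse search requires), the function names and the 32768 fallback are this example's own choices.

```python
"""Added example, not unhide's own code: the procfs walk, syscall scan and
ps comparison from the package description, reimplemented in Python. The
scan is probe-only; unhide's real bruteforce also forks to occupy PIDs.
Function names and fallback values are this example's own choices."""
import os
import subprocess
from typing import Callable, Dict, Iterable, List, Set

def parse_ps_pids(ps_text: str) -> Set[int]:
    """One id per line (`ps -eLo lwp=`); header or junk lines are skipped."""
    pids: Set[int] = set()
    for line in ps_text.splitlines():
        fields = line.split()
        if fields and fields[0].isdigit():
            pids.add(int(fields[0]))
    return pids

def ps_pids() -> Set[int]:
    """Every thread id ps reports: -L lists threads, lwp= is the bare id."""
    out = subprocess.run(["ps", "-eLo", "lwp="], capture_output=True,
                         text=True, check=True).stdout
    return parse_ps_pids(out)

def procfs_pids(proc_root: str = "/proc") -> Set[int]:
    """Numeric entries of /proc plus every <pid>/task/<tid> beneath them."""
    found: Set[int] = set()
    try:
        entries = os.listdir(proc_root)
    except OSError:
        return found
    for name in entries:
        if not name.isdigit():
            continue
        found.add(int(name))
        try:
            tasks = os.listdir(os.path.join(proc_root, name, "task"))
        except OSError:
            continue  # exited between the two listings
        found.update(int(t) for t in tasks if t.isdigit())
    return found

def kernel_knows(pid: int) -> bool:
    """kill(pid,0)/getpgid/getsid answer ESRCH for a missing id; EPERM means it exists."""
    for probe in (lambda p: os.kill(p, 0), os.getpgid, os.getsid):
        try:
            probe(pid)
            return True
        except ProcessLookupError:
            continue
        except PermissionError:
            return True
    return False

def pid_max(path: str = "/proc/sys/kernel/pid_max") -> int:
    """Upper bound of the PID space; 32768 is the historical default."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 32768

def scan_pid_space(upper: int) -> Set[int]:
    """Probe 1..upper; 0 is skipped because kill(0, sig) means our own group."""
    return {pid for pid in range(1, upper + 1) if kernel_knows(pid)}

def find_hidden(ps: Set[int], proc: Set[int], kernel: Set[int]) -> Dict[str, List[int]]:
    """Cross-check the three views; keys follow the description's techniques."""
    return {
        "procfs_not_in_ps": sorted(proc - ps),          # /proc vs ps
        "kernel_not_in_ps": sorted(kernel - ps),        # syscall scan vs ps
        "kernel_not_in_procfs": sorted(kernel - proc),  # hidden from procfs itself
        "ps_not_in_kernel": sorted(ps - kernel),        # reverse search
    }

def confirm_hidden(candidates: Iterable[int], ps_fn: Callable[[], Set[int]] = ps_pids,
                   rounds: int = 3) -> List[int]:
    """A process born between snapshots looks hidden once; a real one stays absent."""
    solid = list(candidates)
    for _ in range(rounds):
        listed = ps_fn()
        solid = [p for p in solid if kernel_knows(p) and p not in listed]
    return solid

def own_pid() -> int:  # exposed so a caller can sanity-check the probe on itself
    return os.getpid()

def main() -> None:
    ps, proc = ps_pids(), procfs_pids()
    kernel = scan_pid_space(pid_max())
    for technique, pids in find_hidden(ps, proc, kernel).items():
        if technique == "ps_not_in_kernel":
            fresh = ps_pids()  # the ps child itself has exited by now
            pids = [p for p in pids if p in fresh and not kernel_knows(p)]
        else:
            pids = confirm_hidden(pids)
        print(f"{technique}: {pids or 'nothing hidden'}")

if __name__ == "__main__":
    main()
```

Run it as root to avoid EPERM noise on the probes; on a kernel with pid_max raised to 4194304 the full scan takes several seconds, which is the cost of the bruteforce technique rather than a flaw. Anything that survives `confirm_hidden` is present in the kernel's task list but absent from every fresh `ps` run, which is exactly the symptom of a process hidden by a hooked procfs or a patched readdir.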
Unhide-tcp identifies TCP/UDP ports that are listening but are not listed
by /bin/netstat, by brute-forcing every available TCP/UDP port.
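The port check, as an added example rather than unhide-tcp's own code: every TCP port is probed with a plain bind() on the wildcard address; the kernel refuses with EADDRINUSE when any socket holds the port, and a held port that netstat (or ss) does not list is a hidden candidate. The sample netstat output is constructed, the `netstat -tan` / `ss -tan` fallback order and the function names are this example's own, and UDP would need the same probe with SOCK_DGRAM.

```python
"""Added example, not unhide-tcp's own code: bind()-based port bruteforce
compared against what netstat/ss list. Sample output below is constructed;
column layout differs between netstat and ss versions."""
import errno
import re
import socket
import subprocess
from typing import Dict, Iterable, List, Optional, Set

_LOCAL_ADDR = re.compile(r".*:(\d+)$")  # 0.0.0.0:22, [::]:80, :::631, 127.0.0.1:631

SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:54321        198.51.100.7:443        ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
"""  # constructed sample, not captured from a real host

def parse_local_ports(text: str, states: Optional[Iterable[str]] = ("LISTEN",)) -> Set[int]:
    """Local ports from netstat/ss output. Only rows whose state is in `states`
    count; states=None keeps every row (so TIME_WAIT holders are listed too)."""
    wanted = None if states is None else set(states)
    ports: Set[int] = set()
    for line in text.splitlines():
        fields = line.split()
        if wanted is not None and not wanted.intersection(fields):
            continue
        for field in fields:  # first field ending in :<port> is the local address
            m = _LOCAL_ADDR.match(field)
            if m:
                ports.add(int(m.group(1)))
                break
    return ports

def listed_ports() -> Set[int]:
    """All TCP sockets userland admits to, netstat first, then ss."""
    for cmd in (["netstat", "-tan"], ["ss", "-tan"]):
        try:
            out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
            return parse_local_ports(out, states=None)
        except (OSError, subprocess.CalledProcessError):
            continue
    raise RuntimeError("neither netstat nor ss is available")

def port_in_use(port: int) -> Optional[bool]:
    """bind() the IPv4 wildcard without SO_REUSEADDR: EADDRINUSE means some
    socket (listening, or a dual-stack IPv6 listener, or TIME_WAIT) holds the
    port. None means we could not tell (EACCES on a privileged port as non-root).
    IPv6-only listeners need the same probe with AF_INET6."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind(("", port))
        return False
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return True
        if e.errno == errno.EACCES:
            return None
        raise
    finally:
        s.close()

def hidden_ports(listed: Set[int], ports: Iterable[int] = range(1, 65536)) -> List[int]:
    """Ports the kernel says are taken but the listing tool does not show."""
    return [p for p in ports if p not in listed and port_in_use(p)]

def self_check() -> Dict[str, object]:
    """Listen on an ephemeral loopback port, then compare both ways: unlisted
    it must be reported, listed it must not."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        return {"port": port, "in_use": port_in_use(port),
                "unlisted": hidden_ports(set(), [port]),
                "listed": hidden_ports({port}, [port])}
    finally:
        srv.close()

if __name__ == "__main__":
    found = hidden_ports(listed_ports())
    found = [p for p in found if port_in_use(p)]  # second pass drops ports freed meanwhile
    print("hidden TCP ports:", found or "none")
```

Comparing against all states (`-tan`) rather than LISTEN rows alone matters: a TIME_WAIT remnant also makes bind() fail, so it must count as "listed" or every recently closed connection shows up as a hidden port. A port that still fails bind() on the second pass and is absent from netstat's full table is the case unhide-tcp is built for: a socket that a hooked /proc/net/tcp no longer reports.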
- OptFlags: -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables
- Cookie: jonund 1297195458
- Buildhost: jonund