[vlug] Fwd: [ILUG-Cochin.org] unhide

  • From: Shrinivasan T <tshrinivasan@xxxxxxxxx>
  • To: "puduvailug@xxxxxxxxxxxxx" <puduvailug@xxxxxxxxxxxxx>, "vlug@xxxxxxxxxxxxx" <vlug@xxxxxxxxxxxxx>
  • Date: Mon, 28 Nov 2011 08:15:47 +0530

---------- Forwarded message ----------
From: "aravind vijayan" <aravindvijayan224185@xxxxxxxxx>
Date: 27 Nov 2011 22:39
Subject: [ILUG-Cochin.org] unhide
To: <mailinglist@xxxxxxxxxxxxxxx>


Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.

unhide detects hidden processes using three techniques:
* comparing the output of /proc and /bin/ps
* comparing the information gathered from /bin/ps with the one gathered
from
system calls (syscall scanning)
* full scan of the process ID space (PIDs bruteforcing)

unhide-tcp identifies TCP/UDP ports that are listening but are not listed
in /bin/netstat through brute forcing of all TCP/UDP ports available.

This package can be used by rkhunter in its daily scans.



Source : http://linuxappfinder.com/package/unhide
             http://www.unhide-forensics.info/?Linux






Registered Linux user #545296

_______________________________________________
Indian Libre User Group Cochin Mailing List
http://www.ilug-cochin.org/mailing-list/
http://mail.ilug-cochin.org/mailman/listinfo/mailinglist_ilug-cochin.org
#ilugkochi@xxxxxxxxxxxxxxxx

Other related posts:

  • » [vlug] Fwd: [ILUG-Cochin.org] unhide - Shrinivasan T