|
|
| Distribution |
Debian unstable |
| Abteilung |
admin |
| Quelle |
unhide |
| Version |
20100201-1 |
| Maintainer |
Debian Forensics <forensics-devel@lists.alioth.debian.org>
|
| Beschreibung |
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
.
unhide detects hidden processes using three techniques:
* comparing the output of /proc and /bin/ps
* comparing the information gathered from /bin/ps with the one gathered from
system calls (syscall scanning)
* full scan of the process ID space (PIDs bruteforcing)
.
unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
/bin/netstat through brute forcing of all TCP/UDP ports available.
.
This package can be used by rkhunter in its daily scans.
|
| Vorgeschlagen | rkhunter |
| Offizielle Seiten |
Paket
Entwicklerinformationen
Bugs (Binärpaket)
Bugs (Quellpaket) |
| Download |
amd64 |
|
|
|
