[ Quellcode: unhide ]
Paket: unhide (20130526-4)
Links für unhide
Trisquel-Ressourcen:
Quellcode-Paket unhide herunterladen:
Betreuer:
Original Maintainer:
- Debian Security Tools
Externe Ressourcen:
- Homepage [www.unhide-forensics.info]
Ähnliche Pakete:
Forensic tool to find hidden processes and ports
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits, Linux kernel modules or by other techniques. It includes two utilities: unhide and unhide-tcp.
unhide detects hidden processes using the following six techniques:
* Compare /proc vs /bin/ps output
* Compare info gathered from /bin/ps with info gathered by walking thru the
procfs.
* Compare info gathered from /bin/ps with info gathered from syscalls
(syscall scanning).
* Full PIDs space occupation (PIDs bruteforcing)
* Reverse search, verify that all thread seen by ps are also seen by the
kernel (/bin/ps output vs /proc, procfs walking and syscall)
* Quick compare /proc, procfs walking and syscall vs /bin/ps output
unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.
This package can be used by rkhunter in its daily scans.
This package is useful for network security checks, in addition to forensics investigations.
Andere Pakete mit Bezug zu unhide
|
|
|
-
- dep: libc6 (>= 2.14) [amd64]
- GNU C Library: Shared libraries
auch ein virtuelles Paket, bereitgestellt durch libc6-udeb
- dep: libc6 (>= 2.7) [armhf]
-
- sug: rkhunter
- rootkit, backdoor, sniffer and exploit scanner
unhide herunterladen
| Architektur | Paketgröße | Größe (installiert) | Dateien |
|---|---|---|---|
| amd64 | 47,7 kB | 168 kB | [Liste der Dateien] |
| armhf | 45,3 kB | 116 kB | [Liste der Dateien] |