Kod: Markera allt
$ dpkg-query -S /usr/sbin/unhide
unhide: /usr/sbin/unhide
$ apt-cache show unhide
Package: unhide
Priority: extra
Section: universe/admin
Installed-Size: 1916
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@lists.ubuntu.com>
Original-Maintainer: Francois Marier <francois@debian.org>
Architecture: amd64
Version: 20080519-2
Suggests: rkhunter
Filename: pool/universe/u/unhide/unhide_20080519-2_amd64.deb
Size: 832280
MD5sum: 0fe00b3da67da35bcee9b6f26017508b
SHA1: 766ad1dbf47b579ae3e6ff4aedfb35be7ab26c9a
SHA256: 15c75d02ec1ec236a08e0e6a6bb7b96b355b8dfebacfe1cf690e015bed8d395e
Description: Forensic tool to find hidden processes and ports
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
.
unhide detects hidden processes using three techniques:
- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with the one gathered
from system calls (syscall scanning)
- full scan of the process ID space (PIDs bruteforcing)
.
unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
/bin/netstat through brute forcing of all TCP/UDP ports available.
.
This package can be used by rkhunter in its daily scans.
Homepage: http://www.security-projects.com/?Unhide
Bugs: mailto:ubuntu-users@lists.ubuntu.com
Origin: Ubuntu
dessutom lärde jag mig nåt nytt: apt-cacheTo enable it, just remove “hidden_procs” from the DISABLE_TESTS variable in /etc/rkhunter.conf