unhide - Tool to find hidden processes and TCP/UDP ports from rootkits

Property Value
Distribution ROSA Enterprise Desktop
Repository ROSA Contrib Updates x86_64
Package name unhide
Package version 20110113
Package release 1-rosa.lts2012.0
Package architecture x86_64
Package type rpm
Installed size 58.70 KB
Download size 24.72 KB
Official Mirror mirror.rosalab.ru
Unhide is a forensic tool for finding processes and TCP/UDP ports hidden by
rootkits, LKMs or other hiding techniques. It includes two
utilities: unhide and unhide-tcp.

Unhide detects hidden processes using six techniques:
- Compare /proc vs /bin/ps output.
- Compare info gathered from /bin/ps with info gathered by walking through
  the procfs.
- Compare info gathered from /bin/ps with info gathered from syscalls
  (syscall scanning).
- Full PID space occupation (PID brute-forcing).
- Reverse search: verify that all threads seen by ps are also seen by
  the kernel (/bin/ps output vs /proc, procfs walking and syscalls).
- Quick compare of /proc, procfs walking and syscalls vs /bin/ps output.

Unhide-tcp identifies TCP/UDP ports that are listening but are not listed
in /bin/netstat by brute-forcing all available TCP/UDP ports.


Package Version Architecture Repository
unhide-20110113-1-rosa.lts2012.0.i586.rpm 20110113 i586 ROSA Contrib Updates
unhide - - -


Name Value
libc.so.6()(64bit) -
libc.so.6(GLIBC_2.2.5)(64bit) -
libc.so.6(GLIBC_2.3)(64bit) -
libc.so.6(GLIBC_2.3.4)(64bit) -
libc.so.6(GLIBC_2.4)(64bit) -
libpthread.so.0()(64bit) -
libpthread.so.0(GLIBC_2.2.5)(64bit) -


Name Value
unhide == 20110113-1:2012.0


Type URL
Binary Package unhide-20110113-1-rosa.lts2012.0.x86_64.rpm
Source Package unhide-20110113-1.src.rpm

Install Howto

  1. Enable the ROSA Contrib Updates repository in Install and Remove Software
  2. Update the package list:
    # urpmi.update -a
  3. Install the unhide rpm package:
    # urpmi unhide




2011-02-08 - Jani Välimaa <wally@mandriva.org> 20110113-1mdv2011.0
+ Revision: 636928
- new version 20110113
- fix url and source tags
2010-11-14 - Jani Välimaa <wally@mandriva.org> 20100819-2mdv2011.0
+ Revision: 597542
- build with LDFLAGS
- add symlink for man page too
2010-09-25 - Jani Välimaa <wally@mandriva.org> 20100819-1mdv2011.0
+ Revision: 580960
- new version 20100819
- fix license and description
2010-08-02 - Jani Välimaa <wally@mandriva.org> 20100201-1mdv2011.0
+ Revision: 565116
- fix source tag
- import unhide
