unhide - Tool to find hidden processes and TCP/UDP ports from rootkits

Property Value
Distribution ROSA 2014.1
Repository ROSA Contrib i586
Package name unhide
Package version 20110113
Package release 2-rosa2014.1
Package architecture i586
Package type rpm
Installed size 52.82 KB
Download size 25.07 KB
Official Mirror mirror.rosalab.ru

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits / LKMs or by another hiding technique. It includes two
utilities: unhide and unhide-tcp.

Unhide detects hidden processes using six techniques:
- Compare /proc vs /bin/ps output.
- Compare info gathered from /bin/ps with info gathered by walking through
  the procfs.
- Compare info gathered from /bin/ps with info gathered from syscalls
  (syscall scanning).
- Full PID space occupation (PID brute-forcing).
- Reverse search: verify that all threads seen by ps are also seen by
  the kernel (/bin/ps output vs /proc, procfs walking and syscall).
- Quick comparison of /proc, procfs walking and syscall vs /bin/ps output.

Unhide-tcp identifies TCP/UDP ports that are listening but are not listed
by /bin/netstat, by brute-forcing all available TCP/UDP ports.


Package Version Architecture Repository
unhide-20130526-2-rosa2014.1.i586.rpm 20130526 i586 ROSA Contrib Updates
unhide-20130526-2-rosa2014.1.x86_64.rpm 20130526 x86_64 ROSA Contrib Updates
unhide-20110113-2-rosa2014.1.x86_64.rpm 20110113 x86_64 ROSA Contrib


Name Value
libc.so.6 -
libc.so.6(GLIBC_2.0) -
libc.so.6(GLIBC_2.1) -
libc.so.6(GLIBC_2.3) -
libc.so.6(GLIBC_2.3.4) -
libc.so.6(GLIBC_2.4) -
libpthread.so.0 -
libpthread.so.0(GLIBC_2.0) -
libpthread.so.0(GLIBC_2.1) -


Name Value
unhide == 20110113-2:2014.1


Type URL
Binary Package unhide-20110113-2-rosa2014.1.i586.rpm
Source Package unhide-20110113-2.src.rpm

Install Howto

  1. Enable ROSA Contrib repository on Install and Remove Software
  2. Update packages list:
    # urpmi.update -a
  3. Install unhide rpm package:
    # urpmi unhide




2014-07-25 - Denis Silakov <denis.silakov@rosalab.ru> 20110113-2
+ Revision: b93e6c6
- MassBuild#464: Increase release tag
