sourCEntral - mobile manpages

UNHIDE

NAME

unhide — forensic tool to find hidden processes

SYNOPSIS

unhide-linux26 proc | sys | brute

unhide-posix proc | sys

DESCRIPTION

unhide is a forensic tool to find processes hidden by rootkits, Linux kernel modules or by other techniques. It detects hidden processes using three techniques:

The proc technique consists of comparing /proc with the output of /bin/ps.

The sys technique consists of comparing information gathered from /bin/ps with information gathered from system calls.

The brute technique consists of brute-forcing all process IDs. This technique is only available on Linux 2.6 kernels.
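The three comparisons above, as an added example that is not unhide's own code: each technique amounts to building a second view of the process table that a user-space rootkit cannot easily tamper with (the /proc directory listing, or the kernel's answer to kill(pid, 0)) and diffing it against what ps reports. The script below implements the proc and brute views in Python; the function and variable names are assumptions for this illustration, and the constructed ps output in the test is not a real capture. False positives are the practical difficulty: ps and the checker itself are short-lived, and on Linux kill() also answers for thread IDs, so a candidate is only reported if it is not a thread and still exists on a second look.

```python
import os
import subprocess
from typing import Dict, Iterable, Set


def pids_from_proc(proc_root: str = "/proc") -> Set[int]:
    """The 'proc' view: numeric directory names under /proc."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def pids_from_ps_output(ps_text: str) -> Set[int]:
    """Parse `ps -e -o pid=` output (one PID per line) into a set."""
    return {int(tok) for tok in (ln.strip() for ln in ps_text.splitlines()) if tok.isdigit()}


def pids_from_ps() -> Set[int]:
    """The ps view, obtained by running the system ps binary."""
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return pids_from_ps_output(out)


def read_max_pid(path: str = "/proc/sys/kernel/pid_max") -> int:
    with open(path) as fh:
        return int(fh.read().strip())


def pids_from_syscalls(max_pid: int) -> Set[int]:
    """The 'brute' view: probe every PID with kill(pid, 0).
    ESRCH (ProcessLookupError) means no such task; EPERM (PermissionError)
    means the task exists but belongs to someone else, so it counts."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            found.add(pid)
        except ProcessLookupError:
            continue
        except PermissionError:
            found.add(pid)
    return found


def tgid_from_status(status_text: str) -> int:
    """Extract the thread-group id from /proc/<id>/status text (-1 if absent)."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split(":", 1)[1].strip())
    return -1


def is_thread(pid: int, proc_root: str = "/proc") -> bool:
    """kill() accepts thread ids on Linux; a task whose Tgid differs from its
    id is a thread of another process, not a hidden process."""
    try:
        with open(f"{proc_root}/{pid}/status") as fh:
            tgid = tgid_from_status(fh.read())
    except OSError:
        return False
    return tgid != -1 and tgid != pid


def compare_views(reference: Set[int], ps_view: Set[int],
                  ignore: Iterable[int] = ()) -> Dict[str, Set[int]]:
    """Diff a reference view against ps. 'hidden' = known to the kernel but
    not reported by ps; 'ghost' = reported by ps but not found in the view."""
    skip = set(ignore)
    return {"hidden": (reference - ps_view) - skip,
            "ghost": (ps_view - reference) - skip}


def confirm_candidates(candidates: Set[int]) -> Set[int]:
    """Drop threads and tasks that vanished (transient processes) by
    re-checking each candidate against a fresh ps run and a fresh kill()."""
    fresh_ps = pids_from_ps()
    confirmed = set()
    for pid in sorted(candidates):
        if pid in fresh_ps or is_thread(pid):
            continue
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        confirmed.add(pid)
    return confirmed


if __name__ == "__main__":
    me = {os.getpid()}
    ps_view = pids_from_ps()
    proc_report = compare_views(pids_from_proc(), ps_view, ignore=me)
    brute_report = compare_views(pids_from_syscalls(read_max_pid()), ps_view, ignore=me)
    print("proc technique, hidden candidates:", confirm_candidates(proc_report["hidden"]))
    print("brute technique, hidden candidates:", confirm_candidates(brute_report["hidden"]))
```

Run as root so that kill(pid, 0) reaches every task and /proc/<pid>/status is readable; a PID that survives confirm_candidates is visible to the kernel but missing from ps, which is exactly the discrepancy unhide reports. The sys technique is the same diff with a different reference view (for example, the PIDs returned by sysinfo or by walking /proc/<pid>/stat), so it reuses compare_views unchanged.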

SEE ALSO

unhide-tcp(8).

AUTHOR

This manual page was written by Francois Marier francois AT debian DOT org for the Debian system (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 3 or any later version published by the Free Software Foundation.

On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.