unhide rpm build for: Mandriva 2011.

Name : unhide
Version : 20110113
Vendor : Mandriva
Release : 1
Date : 2011-02-08 20:59:53
Group : System/Configuration/Other
Source RPM : unhide-20110113-1.src.rpm
Size : 0.05 MB
Packager : Jani Välimaa < wally_mandriva_org>
Summary : Tool to find hidden processes and TCP/UDP ports from rootkits
Description :
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits / LKMs or by another hiding technique. It includes two
utilities: unhide and unhide-tcp.

Unhide detects hidden processes using six techniques:

- Compare /proc vs /bin/ps output
- Compare info gathered from /bin/ps with info gathered by walking through
the procfs.
- Compare info gathered from /bin/ps with info gathered from syscalls
(syscall scanning).
- Full PIDs space occupation (PIDs bruteforcing)
- Reverse search: verify that all threads seen by ps are also seen by
the kernel (/bin/ps output vs /proc, procfs walking and syscall)
- Quick compare /proc, procfs walking and syscall vs /bin/ps output.

Unhide-tcp identifies TCP/UDP ports that are listening but are not listed
in /bin/netstat through brute forcing of all TCP/UDP ports available.

RPM found in directory: /mirror/carroll.cac.psu.edu/pub/linux/distributions/mandrakelinux/official/2011/i586/media/contrib/release


Download
ftp.gwdg.de  unhide-20110113-1-mdv2011.0.i586.rpm
bo.mirror.garr.it  unhide-20110113-1-mdv2011.0.i586.rpm
ftp.icm.edu.pl  unhide-20110113-1-mdv2011.0.i586.rpm
ftp.pbone.net  unhide-20110113-1-mdv2011.0.i586.rpm

Provides :
unhide

Requires :
libc.so.6
libc.so.6(GLIBC_2.0)
libc.so.6(GLIBC_2.1)
libc.so.6(GLIBC_2.3)
libc.so.6(GLIBC_2.3.4)
libc.so.6(GLIBC_2.4)
libpthread.so.0
libpthread.so.0(GLIBC_2.0)
libpthread.so.0(GLIBC_2.1)
rtld(GNU_HASH)
rpmlib(PayloadIsLzma) <= 4.4.6-1


Content of RPM :
/usr/sbin/unhide
/usr/sbin/unhide-linux26
/usr/sbin/unhide-tcp
/usr/share/doc/unhide
/usr/share/doc/unhide/LEEME.txt
/usr/share/doc/unhide/README.txt
/usr/share/doc/unhide/changelog
/usr/share/man/man8/unhide-linux26.8.xz
/usr/share/man/man8/unhide-tcp.8.xz
/usr/share/man/man8/unhide.8.xz