Package: unhide (20220611-1 and others)
Links for unhide
Debian Resources:
Download Source Package unhide:
Maintainer:
External Resources:
- Homepage [www.unhide-forensics.info]
Similar packages:
forensic tool to find hidden processes and ports
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits, Linux kernel modules or by other techniques. It includes two utilities: unhide and unhide-tcp.
unhide detects hidden processes using the following six techniques:
* Compare /proc vs /bin/ps output
* Compare info gathered from /bin/ps with info gathered by walking through the procfs.
* Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
* Full PIDs space occupation (PIDs bruteforcing)
* Reverse search, verify that all threads seen by ps are also seen by the kernel (/bin/ps output vs /proc, procfs walking and syscall)
* Quick compare /proc, procfs walking and syscall vs /bin/ps output
unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.
This package can be used by rkhunter in its daily scans.
This package is useful for network security checks, in addition to forensics investigations.
Other Packages Related to unhide
- dep: iproute2
- networking and traffic control tools
- dep: libc6 (>= 2.33) [sparc64]
- GNU C Library: Shared libraries
also a virtual package provided by libc6-udeb
- dep: libc6 (>= 2.34) [not alpha, arm64, ia64, sparc64]
- dep: libc6 (>= 2.38) [arm64]
- dep: libc6.1 (>= 2.33) [alpha, ia64]
- GNU C Library: Shared libraries
also a virtual package provided by libc6.1-udeb
- dep: lsof
- utility to list open files
- dep: net-tools
- NET-3 networking toolkit
- dep: procps
- /proc file system utilities
- dep: psmisc
- utilities that use the proc file system
- sug: rkhunter
- rootkit, backdoor, sniffer and exploit scanner
Download unhide
Architecture | Version | Package Size | Installed Size | Files |
---|---|---|---|---|
alpha (unofficial port) | 20220611-1 | 58.5 kB | 328.0 kB | [list of files] |
amd64 | 20220611-1 | 56.8 kB | 167.0 kB | [list of files] |
arm64 | 20220611-1+b1 | 55.1 kB | 325.0 kB | [list of files] |
armel | 20220611-1 | 55.3 kB | 323.0 kB | [list of files] |
armhf | 20220611-1 | 55.5 kB | 323.0 kB | [list of files] |
hppa (unofficial port) | 20220611-1 | 55.4 kB | 142.0 kB | [list of files] |
i386 | 20220611-1 | 58.2 kB | 159.0 kB | [list of files] |
ia64 (unofficial port) | 20220611-1 | 62.7 kB | 199.0 kB | [list of files] |
m68k (unofficial port) | 20220611-1 | 56.8 kB | 147.0 kB | [list of files] |
mips64el | 20220611-1 | 57.1 kB | 331.0 kB | [list of files] |
ppc64 (unofficial port) | 20220611-1 | 59.9 kB | 519.0 kB | [list of files] |
ppc64el | 20220611-1 | 60.6 kB | 518.0 kB | [list of files] |
riscv64 | 20220611-1+b1 | 56.8 kB | 145.0 kB | [list of files] |
s390x | 20220611-1 | 55.5 kB | 154.0 kB | [list of files] |
sh4 (unofficial port) | 20220611-1 | 60.6 kB | 324.0 kB | [list of files] |
sparc64 (unofficial port) | 20220611-1 | 55.2 kB | 4,171.0 kB | [list of files] |
x32 (unofficial port) | 20220611-1 | 56.8 kB | 147.0 kB | [list of files] |