[Forensics-changes] [SCM] Forensic tool to find hidden processes and ports branch, debian, updated. debian/20080519-4-18-g91f8a45
Daniel Baumann
daniel at debian.org
Tue Jul 28 13:48:29 UTC 2009
The following commit has been merged in the debian branch:
commit dd4c14d4f06f25ef96fb3537fccf3f8f38ae1406
Author: Daniel Baumann <daniel at debian.org>
Date: Tue Jul 28 14:51:59 2009 +0200
Reformatting package long-description in control.
diff --git a/debian/control b/debian/control
index 1174714..d38cada 100644
--- a/debian/control
+++ b/debian/control
@@ -15,14 +15,14 @@ Depends: ${shlibs:Depends}, ${misc:Depends}
Suggests: rkhunter
Description: Forensic tool to find hidden processes and ports
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
- rootkits, Linux kernel modules or by other techniques. It includes two
+ rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
.
unhide detects hidden processes using three techniques:
- - comparing the output of /proc and /bin/ps
- - comparing the information gathered from /bin/ps with the one gathered
- from system calls (syscall scanning)
- - full scan of the process ID space (PIDs bruteforcing)
+ * comparing the output of /proc and /bin/ps
+ * comparing the information gathered from /bin/ps with the one gathered from
+ system calls (syscall scanning)
+ * full scan of the process ID space (PIDs bruteforcing)
.
unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
/bin/netstat through brute forcing of all TCP/UDP ports available.
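Review bot: In the three-item list under "unhide detects hidden processes using three techniques:", the leading whitespace of the new `*` lines decides how the list renders, and it is not recoverable from this archived copy. Debian Policy treats long-description lines that start with a single space as paragraph text to be word-wrapped; only lines that start with two or more spaces are displayed verbatim. Please confirm that each `*` item and the continuation line "system calls (syscall scanning)" are indented by at least two spaces, otherwise package front ends will reflow the list into one paragraph. Because verbatim lines are not rewrapped, the second item, which now ends its first line with "gathered from" at roughly 76 characters before indentation, should be checked against the 80-column limit. The first -/+ pair ("It includes two") reads identically here, so it is presumably a whitespace-only change.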
--
Forensic tool to find hidden processes and ports