[Forensics-changes] [SCM] Forensic tool to find hidden processes and ports branch, debian, updated. debian/20080519-4-18-g91f8a45
Daniel Baumann
daniel at debian.org
Tue Jul 28 13:48:30 UTC 2009
The following commit has been merged in the debian branch:
commit 0cad73d2d1aa0d19b0f49e3c7a44cd01c9d86768
Author: Daniel Baumann <daniel at debian.org>
Date: Tue Jul 28 15:23:12 2009 +0200
Rewrapping README.Debian.
diff --git a/debian/unhide.README.Debian b/debian/unhide.README.Debian
index 564a9ae..370c411 100644
--- a/debian/unhide.README.Debian
+++ b/debian/unhide.README.Debian
@@ -1,26 +1,25 @@
unhide for Debian
-----------------
-These utilities are meant to be run as root, otherwise, they will miss certain things or
-report false positives.
+These utilities are meant to be run as root, otherwise, they will miss certain
+things or report false positives.
+False positives
+---------------
-False positives
-----------------
+Grsecurity kernels seem to reserver PIDs 300 to 499. They will be reported when
+using unhide's brute-forcing method.
-Grsecurity kernels seem to reserver PIDs 300 to 499. They will be reported when using
-unhide's brute-forcing method.
-
-Some applications can start listening on a port between the time that unhide gets the
-list of open ports in /bin/netstat and the time when it brute-forces ports. Run it a few
-times to make sure that it's not a permanent port.
+Some applications can start listening on a port between the time that unhide
+gets the list of open ports in /bin/netstat and the time when it brute-forces
+ports. Run it a few times to make sure that it's not a permanent port.
Non-Linux 2.6 kernels
-----------------------
+---------------------
-If you want to run unhide on a kernel other than Linux 2.6, make the unhide-posix program
-the default:
+If you want to run unhide on a kernel other than Linux 2.6, make the
+unhide-posix program the default:
- update-alternatives --config unhide
+ # update-alternatives --config unhide
-- Francois Marier <francois at debian.org> Thu, 06 Dec 2007 16:59:30 +1300
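Review bot: The typo "reserver" in the Grsecurity paragraph is carried unchanged into the rewrapped lines ("Grsecurity kernels seem to reserver PIDs 300 to 499"); since those lines are being rewritten anyway, correct it to "reserve" here. Separately, the last changed line adds a "#" root prompt in front of "update-alternatives --config unhide", which is a content change rather than a rewrap. Either mention it in the commit message or split it into its own commit, so that "Rewrapping README.Debian." stays a pure whitespace change that is easy to verify.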
--
Forensic tool to find hidden processes and ports