Bug#624694: Output of unhide sys not so useful
xiscu
xiscu at email.de
Sat Apr 30 17:55:07 UTC 2011
Package: unhide
Version: 20100201-1
Severity: normal
The output of the command is not as useful as one would expect; at least
the name of the hidden process is missing. At the prompt:
-----------------
# unhide sys
Unhide 20100201
http://www.security-projects.com/?Unhide
[*]Searching for Hidden processes through kill(..,0) scanning
[*]Searching for Hidden processes through comparison of results of system calls
[*]Searching for Hidden processes through getpriority() scanning
[*]Searching for Hidden processes through getpgid() scanning
[*]Searching for Hidden processes through getsid() scanning
[*]Searching for Hidden processes through sched_getaffinity() scanning
[*]Searching for Hidden processes through sched_getparam() scanning
[*]Searching for Hidden processes through sched_getscheduler() scanning
[*]Searching for Hidden processes through sched_rr_get_interval() scanning
[*]Searching for Hidden processes through sysinfo() scanning
HIDDEN Processes Found: 1
---------------
Now I know that something is hidden, but no name or PID of the process and
from the manual can get a clue how one can do that.
Thanks in advance!
-- System Information:
Debian Release: 6.0.1
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
unhide depends on no packages.
unhide recommends no packages.
Versions of packages unhide suggests:
ii rkhunter 1.3.6-4 rootkit, backdoor, sniffer and exp
-- no debconf information