Bug#624694: Please try unhide.rb

Johan Walles johan.walles at gmail.com
Sun Jan 6 19:21:27 UTC 2013


Hi Xiscu!

That's not unhide.rb.

Do "apt-get install unhide.rb", then run "unhide.rb".

Then post the result of that.

  Regards //Johan



2013/1/6 xiscu <xiscu at email.de>

> I'm not sure if I have to forward that to you. Sorry if not!
> I got :
>
> -------------
>
> Thank you for the additional information you have supplied regarding
> this Bug report.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message has not been forwarded to the package maintainers or
> other interested parties; you should ensure that the developers are
> aware of the problem you have entered into the system - preferably
> quoting the Bug reference number, #624694.
>
> If you wish to submit further information on this problem, please
> send it to 624694-quiet at bugs.debian.org.
>
> Please do not send mail to owner at bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
>
> -- 624694: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624694
> Debian Bug Tracking System
> Contact owner at bugs.debian.org with problems
> -----------------
>
>
>
> -------- Original Message --------
> Subject:        Bug#624694: Please try unhide.rb
> Resent-Date:    Sat, 05 Jan 2013 13:45:04 +0000
> Resent-From:    Debian BTS <debbugs at buxtehude.debian.org>
> Resent-To:      xiscu <xiscu at email.de>
> Date:   Sat, 05 Jan 2013 14:43:50 +0100
> From:   xiscu <xiscu at email.de>
> Reply-To:       xiscu <xiscu at email.de>, 624694-quiet at bugs.debian.org
> To:     624694-quiet at bugs.debian.org
> CC:     624694-submitter at bugs.debian.org
>
>
>
> On 01/04/2013 03:51 PM, Johan Walles wrote:
>
>>  Hi!
>>
>>  Can you please post the output of running unhide.rb on the same system?
>>
>>  .rb will print the name of any detected hidden processes for you.
>>
>>  Better diagnostics than the original unhide was among the design goals
>>  for unhide.rb.
>>
>>    Regards //Johan
>>
> I'm not sure if that is what you mean with 'Unhide.rb' (see below) but the
> actual output is:
>
> ===============
> # unhide -v sys
> Unhide 20110113
> http://www.unhide-forensics.info
> [*]Searching for Hidden processes through getpriority() scanning
>
> [*]Searching for Hidden processes through getpgid() scanning
>
> [*]Searching for Hidden processes through getsid() scanning
>
> [*]Searching for Hidden processes through sched_getaffinity() scanning
>
> [*]Searching for Hidden processes through sched_getparam() scanning
>
> [*]Searching for Hidden processes through sched_getscheduler() scanning
>
> [*]Searching for Hidden processes through sched_rr_get_interval() scanning
>
> [*]Searching for Hidden processes through kill(..,0) scanning
>
> [*]Searching for Hidden processes through  comparison of results of
> system calls
>
> [*]Searching for Hidden processes through sysinfo() scanning
>
>         WARNING : info.procs changed during test : 311 (was 309)
>         WARNING : info.procs changed during test : 309 (was 311)
> HIDDEN Processes Found: 1    sysinfo.procs = 309   ps_count = 311
>
> ===============
> # find / -name '*nhide*'
> /var/lib/dpkg/info/unhide.postinst
> /var/lib/dpkg/info/unhide.md5sums
> /var/lib/dpkg/info/unhide.triggers
> /var/lib/dpkg/info/unhide.list
> /usr/sbin/unhide
> /usr/sbin/unhide-tcp
> /usr/share/doc/unhide
> /usr/share/doc/lm-sensors/examples/hotplug/unhide_ICH_SMBus
> /usr/share/man/man8/unhide.8.gz
> /usr/share/man/man8/unhide-posix.8.gz
> /usr/share/man/man8/unhide-tcp.8.gz
> /usr/share/man/man8/unhide-linux26.8.gz
> /usr/share/man/es/man8/unhide.8.gz
> /usr/share/man/fr/man8/unhide.8.gz
> /usr/share/lintian/overrides/unhide
> ===============
>
>
>