Man Linux: Main Page and Category List

NAME

       unhide — forensic tool to find hidden processes

SYNOPSIS

       unhide-linux26 proc | sys | brute

       unhide-posix  proc | sys

DESCRIPTION

       unhide  is  a forensic tool to find processes hidden by rootkits, Linux
       kernel modules or by other techniques.   It  detects  hidden  processes
       using three techniques:

       The  proc  technique  consists  of  comparing  /proc with the output of
       /bin/ps.

       The sys technique  consists  of  comparing  information  gathered  from
       /bin/ps with information gathered from system calls.

       The  brute technique consists of bruteforcing the all process IDs. This
       technique is only available on Linux 2.6 kernels.

SEE ALSO

       unhide-tcp (8).

AUTHOR

       This manual page was written by Francois Marier francois@debian.org for
       the Debian system (but may be used by others). Permission is granted to
       copy, distribute and/or modify this document under the terms of the GNU
       General  Public  License,  Version 3 any later version published by the
       Free Software Foundation.

       On Debian systems, the complete text of the GNU General Public  License
       can be found in /usr/share/common-licenses/GPL.