[Bug 469843] New: Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits

bugzilla at redhat.com
Tue Nov 4 12:07:40 UTC 2008


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

Summary: Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits

https://bugzilla.redhat.com/show_bug.cgi?id=469843

           Summary: Review Request: unhide - Tool to find hidden processes
                    and TCP/UDP ports from rootkits
           Product: Fedora
           Version: rawhide
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: Package Review
        AssignedTo: nobody at fedoraproject.org
        ReportedBy: rakesh.pandit at gmail.com
         QAContact: extras-qa at fedoraproject.org
                CC: notting at redhat.com, fedora-package-review at redhat.com
   Estimated Hours: 0.0
    Classification: Fedora


Description:

SPEC: http://rakesh.fedorapeople.org/spec/unhide.spec
SRPM: http://rakesh.fedorapeople.org/srpm/unhide-20080519-1.fc10.src.rpm

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.

Unhide detects hidden processes using three techniques:

 - comparing the output of /proc and /bin/ps
 - comparing the information gathered from /bin/ps with the one gathered
   from system calls (syscall scanning)
 - full scan of the process ID space (PIDs bruteforcing)

unhide-tcp identifies TCP/UDP ports that are listening but are not listed
in /bin/netstat through brute forcing of all TCP/UDP ports available.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.



