[Bug 469843] New: Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
bugzilla at redhat.com
Tue Nov 4 12:07:40 UTC 2008
Summary: Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
https://bugzilla.redhat.com/show_bug.cgi?id=469843
Product: Fedora
Version: rawhide
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: Package Review
AssignedTo: nobody at fedoraproject.org
ReportedBy: rakesh.pandit at gmail.com
QAContact: extras-qa at fedoraproject.org
CC: notting at redhat.com, fedora-package-review at redhat.com
Estimated Hours: 0.0
Classification: Fedora
Description:
SPEC: http://rakesh.fedorapeople.org/spec/unhide.spec
SRPM: http://rakesh.fedorapeople.org/srpm/unhide-20080519-1.fc10.src.rpm
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
Unhide detects hidden processes using three techniques:
- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with the one gathered
from system calls (syscall scanning)
- full scan of the process ID space (PIDs bruteforcing)
unhide-tcp identifies TCP/UDP ports that are listening but are not listed
in /bin/netstat through brute forcing of all TCP/UDP ports available.
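The third technique in the description, a full scan of the PID space compared against what /proc lists, can be sketched as follows. This is an added example, not code from unhide or from the review request; the function names are hypothetical, and the use of kill(pid, 0) as the syscall probe is an assumption, since the description does not say which system calls unhide uses.

```python
import errno
import os


def proc_ids(proc_root="/proc"):
    """PIDs and thread IDs visible by walking /proc and /proc/<pid>/task."""
    ids = set()
    for name in os.listdir(proc_root):
        if name.isdigit():
            ids.add(int(name))
            try:
                ids.update(int(t) for t in os.listdir(f"{proc_root}/{name}/task"))
            except OSError:
                pass  # process exited while we were walking
    return ids


def syscall_alive(pid):
    """Probe a PID with kill(pid, 0): signal 0 delivers nothing, it only checks."""
    try:
        os.kill(pid, 0)
    except OSError as exc:
        # EPERM: the process exists but belongs to another user. ESRCH: no such PID.
        return exc.errno == errno.EPERM
    return True


def find_hidden(list_ids, probe, max_pid, rechecks=2):
    """Return IDs that answer the probe but never appear in the listing.

    A process started between the listing and the probe would look hidden,
    so every candidate is re-listed and re-probed before it is reported.
    Thread IDs must be part of the listing, or threads show up as hidden.
    """
    listed = list_ids()
    candidates = [p for p in range(1, max_pid + 1)
                  if p not in listed and probe(p)]
    for _ in range(rechecks):
        listed = list_ids()
        candidates = [p for p in candidates if p not in listed and probe(p)]
    return candidates


if __name__ == "__main__":
    # Assumption: a Linux host, where pid_max bounds the ID space to scan.
    with open("/proc/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read().strip())
    for pid in find_hidden(proc_ids, syscall_alive, max_pid):
        print(f"ID {pid} answers kill(pid, 0) but is missing from /proc")
```

A reported ID is a lead for further forensic work rather than proof of a rootkit, because a short-lived process can still slip past the re-checks.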