File: control

package info (click to toggle)
unhide 20240510-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 620 kB
  • sloc: ansic: 3,441; python: 419; sh: 176; makefile: 23
file content (78 lines) | stat: -rw-r--r-- 2,925 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
Source: unhide
Section: admin
Priority: optional
Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org>
Build-Depends: debhelper-compat (= 13)
Standards-Version: 4.7.2
Rules-Requires-Root: no
Homepage: https://www.unhide-forensics.info
Vcs-Browser: https://salsa.debian.org/pkg-security-team/unhide
Vcs-Git: https://salsa.debian.org/pkg-security-team/unhide.git

Package: unhide
Architecture: any
Depends:
 ${misc:Depends},
 ${shlibs:Depends},
 iproute2,
 lsof,
 psmisc,
 procps
Suggests: rkhunter
Description: forensic tool to find hidden processes and ports
 Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
 rootkits, Linux kernel modules or by other techniques. It includes two
 utilities: unhide and unhide-tcp.
 .
 unhide detects hidden processes using the following six techniques:
   * Compare /proc vs /bin/ps output
   * Compare info gathered from /bin/ps with info gathered by walking thru the
     procfs.
   * Compare info gathered from /bin/ps with info gathered from syscalls
     (syscall scanning).
   * Full PIDs space occupation (PIDs bruteforcing)
   * Reverse search, verify that all thread seen by ps are also seen by the
     kernel (/bin/ps output vs /proc, procfs walking and syscall)
   * Quick compare /proc, procfs walking and syscall vs /bin/ps output
 .
 unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
 /bin/netstat through brute forcing of all TCP/UDP ports available.
 .
 This package can be used by rkhunter in its daily scans.
 .
 This package is useful for network security checks, in addition to forensics
 investigations.

Package: unhide-gui
Architecture: any
Depends:
 ${misc:Depends},
 ${shlibs:Depends},
 python3,
 python3-tk,
 unhide
Replaces: unhide (= 20210124-2)
Breaks: unhide (= 20210124-2)
Description: graphical user interface for unhide
 This package unhide-gui provides a graphical user interface for unhide.
 .
 Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
 rootkits, Linux kernel modules or by other techniques. It includes two
 utilities: unhide and unhide-tcp.
 .
 unhide detects hidden processes using the following six techniques:
   * Compare /proc vs /bin/ps output
   * Compare info gathered from /bin/ps with info gathered by walking thru the
     procfs.
   * Compare info gathered from /bin/ps with info gathered from syscalls
     (syscall scanning).
   * Full PIDs space occupation (PIDs bruteforcing)
   * Reverse search, verify that all thread seen by ps are also seen by the
     kernel (/bin/ps output vs /proc, procfs walking and syscall)
   * Quick compare /proc, procfs walking and syscall vs /bin/ps output
 .
 unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
 /bin/netstat through brute forcing of all TCP/UDP ports available.
 .
 This package is useful for network security checks, in addition to forensics
 investigations.