UNHIDE(8) System Manager's Manual UNHIDE(8)

NAME
unhide — forensic tool to find hidden processes

SYNOPSIS
unhide proc | sys | brute

DESCRIPTION
unhide is a forensic tool to find processes hidden by rootkits, Linux
kernel modules or by other techniques. It detects hidden processes
using three techniques:

The proc technique consists of comparing /proc with the output of
/bin/ps.

The sys technique consists of comparing information gathered from
/bin/ps with information gathered from system calls.

The brute technique consists of brute-forcing all process IDs.

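The comparison behind the proc technique can be sketched as follows. This is an added example, not unhide's own code: the function names, the `ps -e -o pid=` invocation and the double /proc snapshot used to filter out short-lived processes are assumptions made for illustration.

```python
import os
import subprocess

def pids_in_proc(root="/proc"):
    """PIDs that appear as numeric directory names under root."""
    return {int(name) for name in os.listdir(root)
            if name.isdigit() and os.path.isdir(os.path.join(root, name))}

def pids_in_ps(ps_output):
    """PIDs parsed from `ps -e -o pid=` output (one PID per line)."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}

def suspects(proc_before, ps_pids, proc_after):
    """PIDs present in /proc for the whole ps run yet absent from ps.

    Requiring a PID in both /proc snapshots drops processes that started
    or exited while ps was running, the usual source of false positives.
    """
    return sorted((proc_before & proc_after) - ps_pids)

def scan(ps_path="/bin/ps", root="/proc"):
    """Take a /proc snapshot on each side of one ps run and compare them."""
    before = pids_in_proc(root)
    out = subprocess.run([ps_path, "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    after = pids_in_proc(root)
    return suspects(before, pids_in_ps(out), after)

if __name__ == "__main__":
    for pid in scan():
        print(f"PID {pid} is listed in /proc but missing from ps output")
```

A process hidden from the /proc directory listing itself does not show up in this comparison, which is the gap the sys and brute techniques address.
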
SEE ALSO
unhide-tcp(8).

AUTHOR
This manual page was written by Francois Marier <francois@debian.org> for
the Debian system (but may be used by others). Permission is granted
to copy, distribute and/or modify this document under the terms of the
GNU General Public License, Version 3 or any later version published by
the Free Software Foundation.

On Debian systems, the complete text of the GNU General Public License
can be found in /usr/share/common-licenses/GPL.