UNHIDE(8)                   System Manager's Manual                  UNHIDE(8)

NAME

       unhide — forensic tool to find hidden processes

SYNOPSIS

       unhide proc | sys | brute

DESCRIPTION

       unhide is a forensic tool to find processes hidden by rootkits, Linux
       kernel modules or by other techniques. It detects hidden processes
       using three techniques:

       The proc technique consists of comparing /proc with the output of
       /bin/ps.

       The sys technique consists of comparing information gathered from
       /bin/ps with information gathered from system calls.

       The brute technique consists of brute-forcing all process IDs.
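
       The comparisons described above, as an added Python example that is
       not unhide's own code. It assumes a Linux /proc and a ps that accepts
       -e -o pid=, uses kill(pid, 0) as its only system call probe, and all
       function and key names are illustrative.

```python
import os
import subprocess

def proc_pids(root="/proc"):
    """PIDs listed as numeric directory names under /proc."""
    return {int(name) for name in os.listdir(root) if name.isdigit()}

def ps_pids():
    """PIDs reported by ps (-e: every process, -o pid=: PID column, no header)."""
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def answers_syscall(pid):
    """True if kill(pid, 0) shows the kernel knows this PID; no signal is sent."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:  # ESRCH: nothing has this PID
        return False
    except PermissionError:     # EPERM: it exists but belongs to another user
        return True
    return True

def is_thread(pid, root="/proc"):
    """True if pid is a thread ID, i.e. Tgid in its status file is another PID."""
    try:
        with open(f"{root}/{pid}/status") as f:
            tgid = next(int(l.split()[1]) for l in f if l.startswith("Tgid:"))
    except (OSError, StopIteration):
        return False
    return tgid != pid

def syscall_pids(candidates):
    """Probe each candidate PID directly; thread IDs are dropped because
    the /proc listing and ps -e show processes only."""
    return {p for p in candidates if answers_syscall(p) and not is_thread(p)}

def discrepancies(proc, ps, sysc):
    """PIDs that one view reports and another omits."""
    return {"in_proc_not_ps": sorted(proc - ps),
            "syscall_not_ps": sorted(sysc - ps),
            "syscall_not_proc": sorted(sysc - proc)}

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as f:
        pid_range = range(1, int(f.read()))
    rounds = [discrepancies(proc_pids(), ps_pids(), syscall_pids(pid_range))
              for _ in range(2)]
    for view in rounds[0]:  # a PID must differ in both rounds to be reported
        print(view, sorted(set(rounds[0][view]) & set(rounds[1][view])))
```

       Processes that start or exit while the views are being collected
       differ between the two rounds, so only PIDs flagged in both are
       printed.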

SEE ALSO

       unhide-tcp(8).

AUTHOR

       This manual page was written by Francois Marier <francois@debian.org>
       for the Debian system (but may be used by others). Permission is
       granted to copy, distribute and/or modify this document under the
       terms of the GNU General Public License, Version 3 or any later
       version published by the Free Software Foundation.

       On Debian systems, the complete text of the GNU General Public License
       can be found in /usr/share/common-licenses/GPL.

                                                                     UNHIDE(8)