[Bug 469843] New: Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

Summary: Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits

https://bugzilla.redhat.com/show_bug.cgi?id=469843

           Summary: Review Request: unhide - Tool to find hidden processes
                    and TCP/UDP ports from rootkits
           Product: Fedora
           Version: rawhide
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: Package Review
        AssignedTo: nobody@xxxxxxxxxxxxxxxxx
        ReportedBy: rakesh.pandit@xxxxxxxxx
         QAContact: extras-qa@xxxxxxxxxxxxxxxxx
                CC: notting@xxxxxxxxxx, fedora-package-review@xxxxxxxxxx
   Estimated Hours: 0.0
    Classification: Fedora


Description:

SPEC: http://rakesh.fedorapeople.org/spec/unhide.spec
SRPM: http://rakesh.fedorapeople.org/srpm/unhide-20080519-1.fc10.src.rpm

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.

Unhide detects hidden processes using three techniques:

 - comparing the output of /proc and /bin/ps
 - comparing the information gathered from /bin/ps with the one gathered
   from system calls (syscall scanning)
 - full scan of the process ID space (PIDs bruteforcing)

unhide-tcp identifies TCP/UDP ports that are listening but are not listed
in /bin/netstat through brute forcing of all TCP/UDP ports available.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review
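
Added example, not part of the original message and not unhide's own code: a simplified Python sketch of the cross-check the description outlines, comparing the /proc listing against a kill(pid, 0) probe over the whole PID space. The function names are hypothetical; it assumes a Linux /proc layout and also counts thread IDs as visible, since they answer the probe without being top-level /proc entries.

```python
import os

def visible_ids(proc_root="/proc"):
    """PIDs listed in proc_root plus the thread IDs under each PID's task/ dir."""
    ids = set()
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            # Thread IDs answer kill(2) too but are not top-level /proc entries.
            tasks = os.listdir(os.path.join(proc_root, name, "task"))
        except OSError:
            continue  # process exited between the two listings
        ids.update(int(t) for t in tasks if t.isdigit())
    return ids

def syscall_sees(pid):
    """True if kill(pid, 0) reports that the ID exists (signal 0 sends nothing)."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but owned by another user
    return True

def hidden_candidates(pid_range, probe=syscall_sees, list_ids=visible_ids):
    """IDs the probe sees but the listing lacks, both before and after the scan."""
    before = list_ids()
    suspects = [p for p in pid_range if p not in before and probe(p)]
    # Re-read the listing: a process that started mid-scan is listed by now.
    after = list_ids()
    return [p for p in suspects if p not in after and probe(p)]

def pid_max(default=32768):
    """Upper bound of the PID space, read from the kernel when available."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read())
    except (OSError, ValueError):
        return default

if __name__ == "__main__":
    for pid in hidden_candidates(range(1, pid_max() + 1)):
        print(f"PID {pid} answers kill(pid, 0) but is not listed in /proc")
```

A reported PID is a lead to investigate rather than proof of a rootkit, because a process can still start and stay alive between the final listing and the final probe.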
