software "UNHIDE" (normally downloaded together with RKHUNTER)
Forensic tool to find hidden processes and ports
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
unhide detects hidden processes using three techniques:
- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with the one gathered
from system calls (syscall scanning)
- full scan of the process ID space (PIDs bruteforcing)
unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
/bin/netstat through brute forcing of all TCP/UDP ports available.
SCAN with the "bruteforcing" option
unhide brute
Unhide 02-11-2007
yjesus@security-projects.com
[*]Starting scanning using brute force against PIDS
Found HIDDEN PID: 399
Found HIDDEN PID: 400
Found HIDDEN PID: 402
Found HIDDEN PID: 404
Found HIDDEN PID: 407
Found HIDDEN PID: 408
Found HIDDEN PID: 409
Found HIDDEN PID: 411
Found HIDDEN PID: 413
Found HIDDEN PID: 414
Found HIDDEN PID: 416
Found HIDDEN PID: 418
Found HIDDEN PID: 575
Found HIDDEN PID: 576
Found HIDDEN PID: 579
Found HIDDEN PID: 581
Found HIDDEN PID: 583
Found HIDDEN PID: 584
Found HIDDEN PID: 585
Found HIDDEN PID: 587
Found HIDDEN PID: 589
Found HIDDEN PID: 590
Found HIDDEN PID: 592
Found HIDDEN PID: 594
Found HIDDEN PID: 757
Found HIDDEN PID: 758
Found HIDDEN PID: 760
Found HIDDEN PID: 762
Found HIDDEN PID: 765
Found HIDDEN PID: 766
Found HIDDEN PID: 769
Found HIDDEN PID: 771
Found HIDDEN PID: 773
Found HIDDEN PID: 774
Found HIDDEN PID: 775
Found HIDDEN PID: 777
Found HIDDEN PID: 936
Found HIDDEN PID: 937
Found HIDDEN PID: 939
Found HIDDEN PID: 941
Found HIDDEN PID: 943
Found HIDDEN PID: 944
Found HIDDEN PID: 946
Found HIDDEN PID: 949
Found HIDDEN PID: 951
Found HIDDEN PID: 952
Found HIDDEN PID: 953
Found HIDDEN PID: 955
Found HIDDEN PID: 1114
Found HIDDEN PID: 1115
Found HIDDEN PID: 1118
Found HIDDEN PID: 1120
Found HIDDEN PID: 1122
Found HIDDEN PID: 1123
Found HIDDEN PID: 1124
Found HIDDEN PID: 1126
Found HIDDEN PID: 1128
Found HIDDEN PID: 1129
Found HIDDEN PID: 1131
Found HIDDEN PID: 1134
Found HIDDEN PID: 1298
Found HIDDEN PID: 1299
Found HIDDEN PID: 1301
Found HIDDEN PID: 1304
Found HIDDEN PID: 1306
Found HIDDEN PID: 1307
Found HIDDEN PID: 1308
Found HIDDEN PID: 1310
Found HIDDEN PID: 1312
Found HIDDEN PID: 1313
Found HIDDEN PID: 1315
Found HIDDEN PID: 1318
Found HIDDEN PID: 1478
Found HIDDEN PID: 1479
Found HIDDEN PID: 1481
Found HIDDEN PID: 1484
Found HIDDEN PID: 1486
Found HIDDEN PID: 1487
Found HIDDEN PID: 1488
Found HIDDEN PID: 1490
Found HIDDEN PID: 1492
Found HIDDEN PID: 1493
Found HIDDEN PID: 1495
Found HIDDEN PID: 1498
Found HIDDEN PID: 1658
Found HIDDEN PID: 1659
Found HIDDEN PID: 1661
Found HIDDEN PID: 1662
Found HIDDEN PID: 1664
Found HIDDEN PID: 1667
Found HIDDEN PID: 1668
Found HIDDEN PID: 1670
Found HIDDEN PID: 1673
Found HIDDEN PID: 1675
Found HIDDEN PID: 1676
Found HIDDEN PID: 1677
Found HIDDEN PID: 1679
Found HIDDEN PID: 1842
Found HIDDEN PID: 1843
Found HIDDEN PID: 1845
Found HIDDEN PID: 1847
Found HIDDEN PID: 1849
Found HIDDEN PID: 1850
Found HIDDEN PID: 1851
...... continues...
Found HIDDEN PID: 5286
Found HIDDEN PID: 5287
Found HIDDEN PID: 5289
Found HIDDEN PID: 5291
->scan
....
Checking `lkm'... You have 2 process hidden for readdir command
You have 2 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
I would like to know:
1) is this normal?
2) are there remedies?
3) can one defend against it?
4) is Linux REALLY secure?
Note: updates done, sudo modified, tmpfs, etc.
thanks.
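The three process checks listed in the unhide description above (/proc versus ps, syscall scanning, PID bruteforcing) and the unhide-tcp port bruteforce can be reproduced in a few lines, which makes it easier to judge output like the one posted. The following is an added illustration written for this thread, not unhide's or chkrootkit's own code; it assumes a Linux host with /proc mounted and the `ps` and `ss` commands available, and the sample `ps`/`ss` listings inside it are constructed so the comparison logic also runs offline. It goes one step beyond the description: the bruteforce result is also checked against /proc/<pid>/task, because kill(tid, 0) succeeds for thread IDs that the top-level /proc listing never shows, which is exactly the kind of entry a naive PID walk reports as "hidden".

```python
"""Reproduce unhide's process checks and unhide-tcp's port probe (added example)."""
import errno
import os
import re
import socket
import subprocess


def pids_from_proc():
    """Technique 1, side A: what readdir() on /proc shows (top-level PIDs only)."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def tids_from_proc():
    """Thread IDs from /proc/<pid>/task; never present in the top-level listing."""
    tids = set()
    for pid in pids_from_proc():
        try:
            tids.update(int(t) for t in os.listdir(f"/proc/{pid}/task") if t.isdigit())
        except OSError:
            pass  # process exited while we were scanning
    return tids


def pids_from_ps(ps_output=None):
    """Technique 1, side B: what ps reports. Pass ps_output to use a saved listing."""
    if ps_output is None:
        ps_output = subprocess.run(["ps", "-eo", "pid="], capture_output=True,
                                   text=True, check=True).stdout
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}


def pid_exists_syscall(pid):
    """Technique 2: ask the kernel directly. kill(pid, 0) delivers no signal;
    ESRCH means no such task, EPERM means it exists but we may not signal it."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def pids_by_bruteforce(max_pid=None):
    """Technique 3: walk the whole PID space with the syscall probe."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    return {pid for pid in range(1, max_pid + 1) if pid_exists_syscall(pid)}


def hidden_pids(proc_pids, ps_pids, probed_pids, proc_tids=frozenset()):
    """Report each discrepancy separately instead of one flat 'HIDDEN' list.
    Probed IDs that are thread IDs are split out: they answer kill(tid, 0) but are
    not processes, so they are noise rather than evidence of a rootkit."""
    visible = proc_pids | ps_pids
    unseen = probed_pids - visible
    return {
        "in_proc_not_ps": proc_pids - ps_pids,      # ps hooked or /proc tampered
        "in_ps_not_proc": ps_pids - proc_pids,      # /proc readdir filtered
        "probed_not_visible": unseen - proc_tids,   # the real finding
        "probed_threads_only": unseen & proc_tids,  # benign: thread IDs
    }


_LOCAL_PORT = re.compile(r":(\d+)\s")


def listening_ports_from_listing(listing):
    """Parse the local-address column of `ss -ltn` / `netstat -tln` output."""
    ports = set()
    for line in listing.splitlines():
        if line.startswith(("LISTEN", "tcp")):
            m = _LOCAL_PORT.search(line)
            if m:
                ports.add(int(m.group(1)))
    return ports


def ports_in_use_by_bind(ports):
    """unhide-tcp style probe: bind() failing with EADDRINUSE means something owns
    the port whether or not netstat/ss admits it. EACCES (privileged port, not root)
    is skipped because it proves nothing either way."""
    in_use = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            try:
                s.bind(("", port))
            except OSError as e:
                if e.errno == errno.EADDRINUSE:
                    in_use.add(port)
                elif e.errno != errno.EACCES:
                    raise
    return in_use


if __name__ == "__main__":
    # Live run (Linux only): a full pid_max walk takes a few seconds.
    report = hidden_pids(pids_from_proc(), pids_from_ps(), pids_by_bruteforce(), tids_from_proc())
    for key, pids in report.items():
        print(f"{key}: {sorted(pids)[:20]}{' ...' if len(pids) > 20 else ''}")
    listed = listening_ports_from_listing(
        subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout)
    print("listening but not listed by ss:", sorted(ports_in_use_by_bind(range(1024, 65536)) - listed))
```

Reading the report this way separates the three cases unhide lumps together: an entry in `probed_not_visible` is worth investigating, an entry in `in_proc_not_ps` points at a hooked ps or a tampered /proc, and `probed_threads_only` is expected on any multithreaded system and is the usual explanation for long runs of consecutive "HIDDEN" IDs.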