Source: unhide
Section: admin
Priority: optional
Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org>
Uploaders:
Build-Depends: debhelper-compat (= 12)
Standards-Version: 4.4.1
Rules-Requires-Root: no
Homepage: http://www.unhide-forensics.info
Vcs-Browser: https://salsa.debian.org/pkg-security-team/unhide
Vcs-Git: https://salsa.debian.org/pkg-security-team/unhide.git

Package: unhide
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Suggests: rkhunter
Description: Forensic tool to find hidden processes and ports
 Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
 rootkits, Linux kernel modules or by other techniques. It includes two
 utilities: unhide and unhide-tcp.
 .
 unhide detects hidden processes using the following six techniques:
   * Compare /proc vs /bin/ps output
   * Compare info gathered from /bin/ps with info gathered by walking thru the
     procfs.
   * Compare info gathered from /bin/ps with info gathered from syscalls
     (syscall scanning).
   * Full PIDs space occupation (PIDs bruteforcing)
   * Reverse search, verify that all thread seen by ps are also seen by the
     kernel (/bin/ps output vs /proc, procfs walking and syscall)
   * Quick compare /proc, procfs walking and syscall vs /bin/ps output
 .
 unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
 /bin/netstat through brute forcing of all TCP/UDP ports available.
 .
 This package can be used by rkhunter in its daily scans.
 .
 This package is useful for network security checks, in addition to forensics
 investigations.