Packages and Binaries:
unhide.rb
Unhide.rb is a forensics tool to find processes hidden by rootkits.
It looks for active processes in many different ways. Processes found by some means but not others are considered to be “hidden”, and are reported to the user.
Unhide.rb is a tentative of rewrite in Ruby of the original Unhide, which is written in C. While being much faster, it does not implement all the diagnostics of the original version. It is also less secure as it cannot be statically compiled.
This package can be used by rkhunter in its daily scans.
Installed size: 32 KB
How to install: sudo apt install unhide.rb
Dependencies:
- procps
- ruby
unhide.rb
Scans system for hidden processes and lists any hits on stderr.
root@kali:~# man unhide.rb
unhide.rb(8) unhide.rb - Finder of hidden processes unhide.rb(8)
NAME
unhide.rb - Scans system for hidden processes and lists any hits on
stderr.
SYNOPSIS
unhide.rb
DESCRIPTION
Scans the system for hidden processes.
Progress messages are printed on stdout and can be redirected to
/dev/null.
Error diagnostics and information about any hidden processes found is
printed to stderr.
OPTIONS
unhide.rb takes no options
EXIT STATUS
0 No hidden processes found
1 Something went wrong during scanning
2 One or more hidden processes were detected
BUGS
Report bugs to <[email protected]> or <https://bugs.launch-
pad.net/unhide.rb>.
LICENSING
unhide.rb is licensed under the GPL-3, copyright Johan Walles <jo-
[email protected]>.
SEE ALSO
rkhunter(8)
The unhide.rb home page: <http://launchpad.net/unhide.rb>
NOTES
unhide.rb is a Ruby port of unhide. When it was first written, the
Ruby port was about 10x faster than the original C program and had much
better diagnostics when hidden processes were found. The original un-
hide program can be found at <http://www.unhide-forensics.info/>.
March 2011 unhide.rb(8)
Updated on: 2022-Aug-05