
Re: Hidden processes....or not....using unhide package



On Sun, Apr 13, 2008 at 02:41:55PM +0100, Robin wrote:
> unhide proc :- Which gives intermittent hidden processes
> unhide sys  :-  [*]Searching for Hidden processes through getsid() scanning
>                                 Found HIDDEN PID: 16356
>                 [*]Searching for Hidden processes through sched_getscheduler() scanning
>                                 Found HIDDEN PID: 17408
> unhide brute :-[*]Starting scanning using brute force against PIDS
>                                 Found HIDDEN PID: 2216
>                                 Found HIDDEN PID: 2503

You could also try 
netstat -anp|less
unhide-tcp

If someone hacked the box, probably a net process was used to enter and 
new net processes are spawned.

Moreover:

 apt-cache search forensic

   Linkname: Securing Debian Manual
        URL: http://www.debian.org/doc/user-manuals#securing

might give further ideas

-- 
Whoever uses non-free software poisons you too. Tell them to stop.
Computing=arsenic: minimal doses in rare pathological cases, otherwise lethal.
Computing=bomb: smart only for the fools who believe in it.
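
An added example, not part of the original message: one way to cross-check the two suggestions above by matching the PIDs reported by unhide against the PID column of `netstat -anp`, and listing sockets with no visible owner. The function names, the sample output and the addresses and ports are constructed for illustration; it assumes netstat was run as root.

```python
import re

# Constructed sample input (not from the thread): unhide lines in the format
# quoted above, and `netstat -anp` rows as printed when run as root.
UNHIDE_OUT = """\
[*]Searching for Hidden processes through getsid() scanning
Found HIDDEN PID: 16356
[*]Starting scanning using brute force against PIDS
Found HIDDEN PID: 2216
"""
NETSTAT_OUT = """\
Proto Recv-Q Send-Q Local Address    Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*           LISTEN      1834/sshd
tcp        0      0 0.0.0.0:50000    0.0.0.0:*           LISTEN      -
tcp        0      0 192.0.2.10:22    198.51.100.7:51234  ESTABLISHED 16356/sshd
tcp        0      0 192.0.2.10:80    198.51.100.9:40000  TIME_WAIT   -
udp        0      0 0.0.0.0:68       0.0.0.0:*                       2216/dhclient
"""
STATES_OF_INTEREST = {"LISTEN", "ESTABLISHED"}

def hidden_pids(unhide_text):
    """PIDs taken from unhide's 'Found HIDDEN PID: N' lines."""
    return {int(p) for p in re.findall(r"Found HIDDEN PID:\s*(\d+)", unhide_text)}

def parse_netstat(netstat_text):
    """Yield (proto, local, foreign, state, pid) per tcp/udp row; pid None for '-'."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue  # header, unix sockets, blank lines
        # UDP rows usually have an empty State column, shifting the owner left.
        has_state = re.fullmatch(r"[A-Z_0-9]+", f[5]) is not None
        state = f[5] if has_state else ""
        owner = (f[6] if len(f) > 6 else "-") if has_state else f[5]
        pid = int(owner.split("/")[0]) if owner[0].isdigit() else None
        yield f[0], f[3], f[4], state, pid

def triage(unhide_text, netstat_text):
    """Return (sockets with no visible owner, sockets owned by unhide-flagged PIDs)."""
    flagged = hidden_pids(unhide_text)
    rows = list(parse_netstat(netstat_text))
    # As root, '-' means netstat could not map the socket to a process visible
    # in /proc: kernel-owned sockets show this, and so would a hidden process.
    ownerless = [r for r in rows if r[4] is None and r[3] in STATES_OF_INTEREST]
    by_flagged = [r for r in rows if r[4] in flagged]
    return ownerless, by_flagged

if __name__ == "__main__":
    ownerless, by_flagged = triage(UNHIDE_OUT, NETSTAT_OUT)
    for label, rows in (("no visible owner", ownerless), ("flagged PID", by_flagged)):
        for r in rows:
            print(f"{label}: {r}")
```

A flagged PID that netstat can name is visible in /proc at that moment, which is useful context for the intermittent hits; a listening or established socket with no owner is the one to look at first.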

