Re: Hidden processes....or not....using unhide package
On 13/04/2008, NN_il_Confusionario <pinkof.pallus@tiscalinet.it> wrote:
On Sun, Apr 13, 2008 at 02:41:55PM +0100, Robin wrote:
> unhide proc :- Which gives intermittent hidden processes
> unhide sys :- [*]Searching for Hidden processes through getsid() scanning
> Found HIDDEN PID: 16356
> [*]Searching for Hidden processes through sched_getscheduler() scanning
> Found HIDDEN PID: 17408
> unhide brute :-[*]Starting scanning using brute force against PIDS
> Found HIDDEN PID: 2216
> Found HIDDEN PID: 2503
You could also try
netstat -anp|less
unhide-tcp
If someone hacked the box, probably a net process was used to enter and
new net processes are spawned.
Moreover:
apt-cache search forensic
Linkname: Securing Debian Manual
URL: http://www.debian.org/doc/user-manuals#securing
might give further ideas
Thanks, I'll investigate.
--
rob
http://www.worldcommunitygrid.org/team/viewTeamInfo.do?teamId=82BS4ZCMFR1
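Added example, not part of the messages above and not unhide's own code: a Python sketch of the getsid() cross-check named in the quoted output, repeated over several passes so that short-lived processes, one ordinary cause of intermittent hits, drop out. The function names and the three-pass default are assumptions made for this sketch; it also relies on the fact that on Linux a thread ID answers getsid() without being listed in /proc.

```python
import os

def proc_pids(proc="/proc"):
    """PIDs listed as numeric directories in /proc (the view ps relies on)."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}

def syscall_sees(pid):
    """True if getsid() answers for this ID, i.e. the kernel knows the task."""
    try:
        os.getsid(pid)
        return True
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # the task exists even though we may not query it

def is_thread(tid, proc="/proc"):
    """Thread IDs answer getsid() but are not listed in /proc: Tgid != Pid."""
    try:
        with open(f"{proc}/{tid}/status") as f:
            fields = dict(l.split(":", 1) for l in f if ":" in l)
    except OSError:
        return False  # no readable /proc entry at all: keep it as a suspect
    return fields.get("Tgid", "").strip() != fields.get("Pid", "").strip()

def scan(max_pid, listed=proc_pids, alive=syscall_sees, thread=is_thread, passes=3):
    """IDs that answer the syscall but stay out of /proc on every pass."""
    suspects = None
    for _ in range(passes):
        before = listed()
        found = {p for p in range(1, max_pid + 1) if alive(p)}
        after = listed()  # second listing catches processes born mid-scan
        hidden = {p for p in found - before - after if not thread(p)}
        suspects = hidden if suspects is None else suspects & hidden
        if not suspects:
            break
    return suspects

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as f:
        limit = int(f.read())
    for pid in sorted(scan(limit)):
        print("no /proc entry on any pass:", pid)
```

An ID that survives every pass is worth examining from trusted boot media; one that shows up on a single pass only is most likely a process that started or exited during the scan.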