
unhide -- find hidden processes and ports

unhide -- forensic tool to find hidden processes

http://www.unhide-forensics.info/

Usage: unhide proc | sys | brute

The proc technique consists of comparing /proc with the output of /bin/ps.

The sys technique consists of comparing information gathered from /bin/ps with information gathered from system calls.

The brute technique consists of brute-forcing all process IDs.
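
The proc comparison described above can be written out by hand. The script below is an added example, not unhide's own code; the function names proc_pids, missing_from and scan are hypothetical, and it only reports PIDs that appear in /proc but are missing from ps.

```shell
#!/bin/sh
# Added example (not unhide's code): compare /proc with ps output.
# proc_pids, missing_from and scan are hypothetical names.

# Print every all-digit directory name under a procfs root (default /proc).
proc_pids() {
    for d in "${1:-/proc}"/*; do
        p=${d##*/}
        case $p in ''|*[!0-9]*) continue ;; esac
        if [ -d "$d" ]; then echo "$p"; fi
    done
}

# Print PIDs listed in file $1 that do not appear in file $2.
# Keyed on FILENAME so an empty $2 is handled correctly.
missing_from() {
    awk 'FILENAME == ARGV[1] { seen[$1]; next }
         NF && !($1 in seen) { print $1 }' "$2" "$1"
}

# Snapshot both views, then re-check each mismatch: a process that exited
# between the two snapshots is a race, not a hidden process.
scan() {
    root=${1:-/proc}
    a=$(mktemp) && b=$(mktemp) || return 1
    proc_pids "$root" > "$a"
    ps -e -o pid= > "$b"
    for pid in $(missing_from "$a" "$b"); do
        if [ -d "$root/$pid" ] && ! ps -p "$pid" > /dev/null 2>&1; then
            echo "PID $pid is in $root but not reported by ps"
        fi
    done
    rm -f "$a" "$b"
}

# Run the live comparison only when asked: sh script.sh scan
case "${1:-}" in scan) scan ;; esac
```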

On CentOS 5.x it can be installed with yum.

unhide also comes with a second tool, unhide-tcp, which looks for TCP/UDP ports.

A port it finds can then be looked up with

netstat -tulpn | grep 1111 and ss -l | grep 1111
