author: Black Rider <black_rider@esdebian.org> 2011-08-30 22:05:18 -0300
committer: Niels Horn <niels.horn@slackbuilds.org> 2011-08-30 22:05:18 -0300
commit: 6e988a7d6c434b57c01a16711975b32d6e5b9755
tree: 51277634060dc8f8667f0b24dda5b6ff99806374 /system/unhide/README
parent: 6c2c4eb6dba68a9f07fa74cd28e854ab8a1c7e60
system/unhide: Added (utility for discovering hidden processes)
Signed-off-by: Niels Horn <niels.horn@slackbuilds.org>
Diffstat (limited to 'system/unhide/README')
-rw-r--r-- system/unhide/README 12
1 files changed, 12 insertions, 0 deletions
diff --git a/system/unhide/README b/system/unhide/README
new file mode 100644
index 0000000000..a5c77eb447
--- /dev/null
+++ b/system/unhide/README
@@ -0,0 +1,12 @@
+Unhide is a forensic tool to find processes and TCP/UCP ports hidden by
+rootkits, Linux kernel modules or by other techniques. It includes unhide
+and unhide-tcp.
+
+NOTES: The SlackBuild script builds only unhide-tcp and unhide-linux26.
+The original unhide for 2.4 kernels is not built for obvious reasons.
+unhide-linux26 has been linked to "unhide", as many apps (rkhunter, for
+example) expect to find it here. This is also the solution chosen by many
+distributions.
+
+Remember to run unhide as root only. Failing to do so could result in
+a massive arrival of false positives.
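
Review bot: the first added line says "TCP/UCP ports", which looks like a typo for "TCP/UDP ports". In the NOTES paragraph, "for obvious reasons" leaves the reason unstated and "expect to find it here" never names a location; spell out why the 2.4 build is skipped and give the installed path of the "unhide" link, so that someone wiring up rkhunter can confirm what it will actually execute. The closing paragraph's "run unhide as root only" can be read two ways; something like "Always run unhide as root; run as an unprivileged user it can report a large number of false positives" removes the ambiguity.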