Linux systems can be compromised by the installation of hidden processes visible only from the kernel. Unhide is a generic name for a series of related commands designed to detect such processes through a toolkit of over 30 tests, most of which involve examining and comparing various elements of the system. Of all the versions, the one for Linux is by far the most developed. Originally, the Linux version was called unhide‑linux, but in Linux repositories, it is generally named simply unhide [1].
The unhide command works by scanning for inconsistencies within the parts of a Linux operating system that allow users to view what the kernel and related processes are doing. Many system elements compare /proc, the pseudo filesystem that displays information about the running system, and /bin/ps, which contains all processes currently running on the system. Others compare /bin/ps with the system calls between the Linux kernel and /bin/proc, which contains data about processes. Another compares the structure of process IDs (PIDs) with the conventional structure and size of other PIDs. These sources of information operate largely independently of each other, so differences between them may reveal an illegal intrusion. Most of them are not used by ordinary accounts, and even root should generally only view them. Consequently, unhide provides a safe glimpse into these processes that can help admins decide what future steps to take. Unusually for a Linux package, unhide consists of static dependencies, because if hidden processes exist, by definition, they cannot be detected by regular system resources. However, unhide does not take steps to remove intrusions, and any hits in the results should be checked before any response is made.
Denne historien er fra #271/June 2023: Smart Home-utgaven av Linux Magazine.
Start din 7-dagers gratis prøveperiode på Magzter GOLD for å få tilgang til tusenvis av utvalgte premiumhistorier og 9000+ magasiner og aviser.
Allerede abonnent ? Logg på
Denne historien er fra #271/June 2023: Smart Home-utgaven av Linux Magazine.
Start din 7-dagers gratis prøveperiode på Magzter GOLD for å få tilgang til tusenvis av utvalgte premiumhistorier og 9000+ magasiner og aviser.
Allerede abonnent? Logg på
Tracking your finances with plain text accounting Plain Numbers
If you're tired of tinkering with spreadsheets, using hledger and plain text accounting offers a simpler method for managing your finances without vendor lock-in
Dependency resolution with apt-get and apt Evolutionary Tale
Over the past 30 years, the apt family has played an important role in dependency resolution for Debian distros.
Cryptomining with Litecoin Traveling Lite
Although not as popular as headliners like Bitcoin and Ethereum, Litecoin is one of the oldest crytocurrencies, and it offers some useful features, such as dual-mining with Dogecoin.
Software Update SnoopGod
SnoopGod delivers an Ubuntu-based pentesting distribution with an emphasis on security education.
Kernel Trouble
This deep look at how intruders attack an out-of-date kernel should be enough to convince you of the need to stay vigilant.
Using Wake-on-LAN for a NAS backup Power Saver
Put your backup server to sleep when you don't need it and then wake it on demand using the Wake-on-LAN feature built into network adapters.
Time Travel
Mike Schilli uses a Go program to check whether a strategy for trading stocks is making gains or losses on the basis of historical price data.
URL filtering with Pi-hole Into the Funnel
Supporting browser plug-ins, network-based DNS blockers like Pi-hole help protect you against online tracking and unwanted content.
Artificial intelligence on the Raspberry Pi Learning Experience
You don't need a powerful computer system to use Al. We show what it takes to benefit from Al on the Raspberry Pi and what tasks the small computer can handle.
MakerSpace Manage your greenhouse with a Raspberry Pi Pico W Sheltered Growth
You can safely assign some greenhouse tasks to a Raspberry Pi Pico W, such as controlling ventilation, automating a heater, and opening and closing windows.