unhide proc | sys | brute
unhide is a forensic tool to find processes hidden by rootkits, Linux kernel modules or by other techniques. It detects hidden processes using three techniques:
The proc technique consists of comparing /proc with the output of /bin/ps.
The sys technique consists of comparing information gathered from /bin/ps with information gathered from system calls.
The brute technique consists of bruteforcing the all process IDs.
This manual page was written by Francois Marier email@example.com for
the Debian system (but may be used by others). Permission is
granted to copy, distribute and/or modify this document under
the terms of the GNU General Public License, Version 3 any
later version published by the Free Software Foundation.
On Debian systems, the complete text of the GNU General Public
License can be found in /usr/share/common-licenses/GPL.