LinuxQuestions.org
Support LQ: Use code LQCO20 and save 20% on CrossOver Office
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page unhide "intermittent activity" warning. What is this?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 12-03-2011, 07:33 AM   #1
nokangaroo
Member
 
Registered: Nov 2009
Posts: 102

Rep: Reputation: 16
unhide "intermittent activity" warning. What is this?

I just ran unhide sys and got the following warning:

Warning : sysinfo test skipped due to intermittent activity

Googling this does not give anything understandable, which is suspicious because if this is a bug someone will usually experienced it already. I will keep looking but I had better ask here for information.

rkhunter and chkrootkit give nothing but the usual false positives.

Update: I just reran unhide sys several times, both online and offline, and could repeat the error once when I was offline.

Update: I just did

sudo unhide brute > ~/Desktop/proc

which gave over 300 positives (no kidding), which I tested with

#!/bin/bash
for dir in `cat ~/Desktop/proc | grep Found | awk '{print $4}'`; do
if [ -e /proc/"$dir" ]; then
echo "$dir exists"
fi
done

I did this several times, and once I had a positive (a directory in /proc that existed) whose cmdline was empty.
Last edited by nokangaroo; 12-03-2011 at 08:52 AM.
 
Old 12-04-2011, 07:44 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 21,610
Blog Entries: 47

Rep: Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413
Looking at the source code I'd say false positive but then again I haven't had any false positives with 'unhide' lately. Which version are you running? If you tried different detection switches, did these occur with all or some? (If you didn't: do try.) Or else please file a bug report with the developer.
 
Old 12-05-2011, 06:23 AM   #3
nokangaroo
Member
 
Registered: Nov 2009
Posts: 102

Original Poster
Rep: Reputation: 16
Thank you for your reply, unSpawn. I am running ubuntu natty, and the positive occurred with 2.6.38-13-generic.

unhide --version gives:
Unhide 20100201
http://www.security-projects.com/?Unhide

The positive occurred with unhide sys (if that is what you mean by detection switches).
I hear that other users of natty also have issues with suspicious activity (and power consumption problems, so the problem may be kernel related). Anyway, a bug or unfamiliar false positive in a security auditing program needs looking into.
 
Old 12-05-2011, 07:11 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 21,610
Blog Entries: 47

Rep: Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413
Latest version is unhide-20110113.tgz, do test.
 
Old 12-15-2011, 09:13 AM   #5
nokangaroo
Member
 
Registered: Nov 2009
Posts: 102

Original Poster
Rep: Reputation: 16
Thanks. Will do that.
 
Old 12-15-2011, 09:59 AM   #6
nokangaroo
Member
 
Registered: Nov 2009
Posts: 102

Original Poster
Rep: Reputation: 16
Here's the output of the new unhide, running unhide proc and unhide sys in succession, and it seems okay to the layman. (For unhide proc | sys I'll habe to install more software, and I have to look it up first). And http://www.unhide-forensics.info actually exists , though it has a poor WOT rating. If your output is comparable, I suppose we can call this solved.

(I use LXDE with nautilus as file manager, 2.6.38-13-generic).

Code:
Unhide 20110113
http://www.unhide-forensics.info

[*]Searching for Hidden processes through /proc scanning

Found HIDDEN PID: 849
Command: rsyslogd

Found HIDDEN PID: 850
Command: rsyslogd

Found HIDDEN PID: 972
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 986
Command: NetworkManager

Found HIDDEN PID: 987
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 988
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 989
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 990
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 991
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 992
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 993
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 994
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 995
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 996
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 997
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 998
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 999
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1000
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1001
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1002
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1003
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1004
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1006
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1007
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1008
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1009
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1010
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1011
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1012
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1013
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1014
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1015
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1016
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1017
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1018
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1019
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1020
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1021
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1022
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1023
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1024
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1025
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1026
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1027
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1028
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1029
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1030
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1031
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1032
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1033
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1034
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1035
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1036
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1037
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1038
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1039
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1040
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1041
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1042
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1043
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1044
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1045
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1046
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1047
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1048
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1056
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1061
Command: /usr/lib/policykit-1/polkitd

Found HIDDEN PID: 1066
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1353
Command: gdm-binary

Found HIDDEN PID: 1363
Command: /usr/lib/gdm/gdm-simple-slave

Found HIDDEN PID: 1382
Command: /usr/lib/gdm/gdm-session-worker

Found HIDDEN PID: 1442
Command: /usr/bin/gnome-keyring-daemon

Found HIDDEN PID: 1443
Command: /usr/bin/gnome-keyring-daemon

Found HIDDEN PID: 1514
Command: /usr/lib/rtkit/rtkit-daemon

Found HIDDEN PID: 1515
Command: /usr/lib/rtkit/rtkit-daemon

Found HIDDEN PID: 1531
Command: /usr/sbin/clamd

Found HIDDEN PID: 1538
Command: /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1

Found HIDDEN PID: 1545
Command: nm-applet

Found HIDDEN PID: 1546
Command: /usr/bin/nautilus

Found HIDDEN PID: 1550
Command: lxpanel

Found HIDDEN PID: 1552
Command: /usr/bin/pulseaudio

Found HIDDEN PID: 1567
Command: /usr/bin/pulseaudio

Found HIDDEN PID: 1576
Command: /usr/lib/udisks/udisks-daemon

Found HIDDEN PID: 1981
Command: /usr/lib/upower/upowerd

Found HIDDEN PID: 1982
Command: lxpanel

Found HIDDEN PID: 2186
Command: /usr/lib/gvfs/gvfs-afc-volume-monitor

Found HIDDEN PID: 2450
Command: gnome-terminal

Found HIDDEN PID: 2453
Command: gnome-terminal

Found HIDDEN PID: 3646
Command: /usr/lib/udisks/udisks-daemon

Found HIDDEN PID: 4586
Command: rsyslogd

Found HIDDEN PID: 4755
Command: /usr/bin/nautilus

Unhide 20110113
http://www.unhide-forensics.info

[*]Searching for Hidden processes through getpriority() scanning

Found HIDDEN PID: 849
Command: rsyslogd

Found HIDDEN PID: 850
Command: rsyslogd

Found HIDDEN PID: 972
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 986
Command: NetworkManager

Found HIDDEN PID: 987
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 988
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 989
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 990
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 991
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 992
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 993
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 994
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 995
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 996
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 997
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 998
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 999
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1000
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1001
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1002
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1003
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1004
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1006
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1007
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1008
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1009
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1010
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1011
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1012
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1013
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1014
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1015
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1016
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1017
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1018
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1019
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1020
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1021
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1022
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1023
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1024
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1025
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1026
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1027
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1028
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1029
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1030
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1031
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1032
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1033
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1034
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1035
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1036
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1037
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1038
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1039
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1040
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1041
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1042
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1043
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1044
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1045
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1046
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1047
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1048
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1056
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1061
Command: /usr/lib/policykit-1/polkitd

Found HIDDEN PID: 1066
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1353
Command: gdm-binary

Found HIDDEN PID: 1363
Command: /usr/lib/gdm/gdm-simple-slave

Found HIDDEN PID: 1382
Command: /usr/lib/gdm/gdm-session-worker

Found HIDDEN PID: 1442
Command: /usr/bin/gnome-keyring-daemon

Found HIDDEN PID: 1443
Command: /usr/bin/gnome-keyring-daemon

Found HIDDEN PID: 1514
Command: /usr/lib/rtkit/rtkit-daemon

Found HIDDEN PID: 1515
Command: /usr/lib/rtkit/rtkit-daemon

Found HIDDEN PID: 1531
Command: /usr/sbin/clamd

Found HIDDEN PID: 1538
Command: /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1

Found HIDDEN PID: 1545
Command: nm-applet

Found HIDDEN PID: 1546
Command: /usr/bin/nautilus

Found HIDDEN PID: 1550
Command: lxpanel

Found HIDDEN PID: 1552
Command: /usr/bin/pulseaudio

Found HIDDEN PID: 1567
Command: /usr/bin/pulseaudio

Found HIDDEN PID: 1576
Command: /usr/lib/udisks/udisks-daemon

Found HIDDEN PID: 1981
Command: /usr/lib/upower/upowerd

Found HIDDEN PID: 1982
Command: lxpanel

Found HIDDEN PID: 2186
Command: /usr/lib/gvfs/gvfs-afc-volume-monitor

Found HIDDEN PID: 2450
Command: gnome-terminal

Found HIDDEN PID: 2453
Command: gnome-terminal

Found HIDDEN PID: 3646
Command: /usr/lib/udisks/udisks-daemon

Found HIDDEN PID: 4586
Command: rsyslogd
[*]Searching for Hidden processes through getpgid() scanning

Found HIDDEN PID: 849
Command: rsyslogd

Found HIDDEN PID: 850
Command: rsyslogd

Found HIDDEN PID: 972
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 986
Command: NetworkManager

Found HIDDEN PID: 987
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 988
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 989
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 990
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 991
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 992
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 993
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 994
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 995
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 996
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 997
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 998
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 999
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1000
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1001
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1002
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1003
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1004
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1006
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1007
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1008
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1009
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1010
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1011
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1012
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1013
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1014
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1015
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1016
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1017
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1018
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1019
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1020
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1021
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1022
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1023
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1024
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1025
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1026
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1027
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1028
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1029
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1030
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1031
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1032
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1033
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1034
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1035
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1036
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1037
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1038
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1039
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1040
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1041
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1042
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1043
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1044
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1045
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1046
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1047
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1048
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1056
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1061
Command: /usr/lib/policykit-1/polkitd

Found HIDDEN PID: 1066
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1353
Command: gdm-binary

Found HIDDEN PID: 1363
Command: /usr/lib/gdm/gdm-simple-slave

Found HIDDEN PID: 1382
Command: /usr/lib/gdm/gdm-session-worker

Found HIDDEN PID: 1442
Command: /usr/bin/gnome-keyring-daemon

Found HIDDEN PID: 1443
Command: /usr/bin/gnome-keyring-daemon

Found HIDDEN PID: 1514
Command: /usr/lib/rtkit/rtkit-daemon

Found HIDDEN PID: 1515
Command: /usr/lib/rtkit/rtkit-daemon

Found HIDDEN PID: 1531
Command: /usr/sbin/clamd

Found HIDDEN PID: 1538
Command: /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1

Found HIDDEN PID: 1545
Command: nm-applet

Found HIDDEN PID: 1546
Command: /usr/bin/nautilus

Found HIDDEN PID: 1550
Command: lxpanel

Found HIDDEN PID: 1552
Command: /usr/bin/pulseaudio

Found HIDDEN PID: 1567
Command: /usr/bin/pulseaudio

Found HIDDEN PID: 1576
Command: /usr/lib/udisks/udisks-daemon

Found HIDDEN PID: 1981
Command: /usr/lib/upower/upowerd

Found HIDDEN PID: 1982
Command: lxpanel

Found HIDDEN PID: 2186
Command: /usr/lib/gvfs/gvfs-afc-volume-monitor

Found HIDDEN PID: 2450
Command: gnome-terminal

Found HIDDEN PID: 2453
Command: gnome-terminal

Found HIDDEN PID: 3646
Command: /usr/lib/udisks/udisks-daemon

Found HIDDEN PID: 4586
Command: rsyslogd

Found HIDDEN PID: 6781
Command: /usr/bin/nautilus
[*]Searching for Hidden processes through getsid() scanning

Found HIDDEN PID: 849
Command: rsyslogd

Found HIDDEN PID: 850
Command: rsyslogd

Found HIDDEN PID: 972
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 986
Command: NetworkManager

Found HIDDEN PID: 987
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 988
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 989
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 990
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 991
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 992
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 993
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 994
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 995
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 996
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 997
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 998
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 999
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1000
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1001
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1002
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1003
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1004
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1006
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1007
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1008
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1009
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1010
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1011
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1012
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1013
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1014
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1015
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1016
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1017
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1018
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1019
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1020
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1021
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1022
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1023
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1024
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1025
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1026
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1027
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1028
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1029
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1030
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1031
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1032
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1033
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1034
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1035
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1036
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1037
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1038
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1039
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1040
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1041
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1042
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1043
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1044
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1045
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1046
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1047
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1048
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1056
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1061
Command: /usr/lib/policykit-1/polkitd

Found HIDDEN PID: 1066
Command: /usr/sbin/console-kit-daemon

Found HIDDEN PID: 1353
Command: gdm-binary

Found HIDDEN PID: 1363
Command: /usr/lib/gdm/gdm-simple-slave

Found HIDDEN PID: 1382
Command: /usr/lib/gdm/gdm-session-worker

Found HIDDEN PID: 1442
Command: /usr/bin/gnome-keyring-daemon

Found HIDDEN PID: 1443
Command: /usr/bin/gnome-keyring-daemon

Found HIDDEN PID: 1514
Command: /usr/lib/rtkit/rtkit-daemon

Found HIDDEN PID: 1515
Command: /usr/lib/rtkit/rtkit-daemon

Found HIDDEN PID: 1531
Command: /usr/sbin/clamd

Found HIDDEN PID: 1538
Command: /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1

Found HIDDEN PID: 1545
Command: nm-applet

Found HIDDEN PID: 1546
Command: /usr/bin/nautilus

Found HIDDEN PID: 1550
Command: lxpanel

Found HIDDEN PID: 1552
Command: /usr/bin/pulseaudio

Found HIDDEN PID: 1567
Command: /usr/bin/pulseaudio

Found HIDDEN PID: 1576
Command: /usr/lib/udisks/udisks-daemon

Found HIDDEN PID: 1981
Command: /usr/lib/upower/upowerd

Found HIDDEN PID: 1982
Command: lxpanel

Found HIDDEN PID: 2186
Command: /usr/lib/gvfs/gvfs-afc-volume-monitor

Found HIDDEN PID: 2450
Command: gnome-terminal

Found HIDDEN PID: 2453
Command: gnome-terminal

Found HIDDEN PID: 3646
Command: /usr/lib/udisks/udisks-daemon

Found HIDDEN PID: 4586
Command: rsyslogd

Found HIDDEN PID: 6781
Command: /usr/bin/nautilus
Last edited by unSpawn; 12-15-2011 at 12:56 PM. Reason: //Add BB code tags
 
Old 12-15-2011, 10:49 AM   #7
nokangaroo
Member
 
Registered: Nov 2009
Posts: 102

Original Poster
Rep: Reputation: 16
Edit: I took a look at the original unhide install (should have done that before). So I replaced the /usr/sbin/unhide binary I compiled with a link to /usr/sbin/unhide-linux26 (bypassing /etc/alternatives which only contained a link back to /usr/sbin), and this is the new output (unhide brute works now):


Code:
Unhide 20110113
http://www.unhide-forensics.info[*]Searching for Hidden processes through /proc stat scanning

Unhide 20110113
http://www.unhide-forensics.info[*]Searching for Hidden processes through getpriority() scanning
[*]Searching for Hidden processes through getpgid() scanning
[*]Searching for Hidden processes through getsid() scanning
[*]Searching for Hidden processes through sched_getaffinity() scanning
[*]Searching for Hidden processes through sched_getparam() scanning
[*]Searching for Hidden processes through sched_getscheduler() scanning
[*]Searching for Hidden processes through sched_rr_get_interval() scanning
[*]Searching for Hidden processes through kill(..,0) scanning
[*]Searching for Hidden processes through  comparison of results of system calls
[*]Searching for Hidden processes through sysinfo() scanning

HIDDEN Processes Found: 1	sysinfo.procs = 216   ps_count = 218
Unhide 20110113
http://www.unhide-forensics.info[*]Starting scanning using brute force against PIDS with fork()

Found HIDDEN PID: 3833	"  ... maybe a transitory process"
Found HIDDEN PID: 3834	"  ... maybe a transitory process"
Found HIDDEN PID: 3848	"  ... maybe a transitory process"
Found HIDDEN PID: 3999	"  ... maybe a transitory process"
Found HIDDEN PID: 4015	"  ... maybe a transitory process"
Found HIDDEN PID: 4016	"  ... maybe a transitory process"
Found HIDDEN PID: 4017	"  ... maybe a transitory process"
Found HIDDEN PID: 4591	"  ... maybe a transitory process"
Found HIDDEN PID: 4607	"  ... maybe a transitory process"
Found HIDDEN PID: 4614	"  ... maybe a transitory process"
Found HIDDEN PID: 4620	"  ... maybe a transitory process"
Found HIDDEN PID: 5205	"  ... maybe a transitory process"
Found HIDDEN PID: 5207	"  ... maybe a transitory process"
Found HIDDEN PID: 5258	"  ... maybe a transitory process"
Found HIDDEN PID: 17424	"  ... maybe a transitory process"
Found HIDDEN PID: 17840	"  ... maybe a transitory process"
Found HIDDEN PID: 17841	"  ... maybe a transitory process"
Found HIDDEN PID: 17855	"  ... maybe a transitory process"
Found HIDDEN PID: 18020	"  ... maybe a transitory process"
Found HIDDEN PID: 18027	"  ... maybe a transitory process"
Found HIDDEN PID: 18033	"  ... maybe a transitory process"
Found HIDDEN PID: 18039	"  ... maybe a transitory process"
Found HIDDEN PID: 18625	"  ... maybe a transitory process"
Found HIDDEN PID: 18641	"  ... maybe a transitory process"
Found HIDDEN PID: 18648	"  ... maybe a transitory process"
Found HIDDEN PID: 18654	"  ... maybe a transitory process"
Found HIDDEN PID: 18827	"  ... maybe a transitory process"
Found HIDDEN PID: 18873	"  ... maybe a transitory process"
Found HIDDEN PID: 18956	"  ... maybe a transitory process"[*]Starting scanning using brute force against PIDS with pthread functions

Found HIDDEN PID: 887	"  ... maybe a transitory process"
Found HIDDEN PID: 903	"  ... maybe a transitory process"
Found HIDDEN PID: 904	"  ... maybe a transitory process"
Found HIDDEN PID: 1126	"  ... maybe a transitory process"
Found HIDDEN PID: 1137	"  ... maybe a transitory process"
Found HIDDEN PID: 1143	"  ... maybe a transitory process"
Found HIDDEN PID: 1148	"  ... maybe a transitory process"
Found HIDDEN PID: 1730	"  ... maybe a transitory process"
Found HIDDEN PID: 1745	"  ... maybe a transitory process"
Found HIDDEN PID: 1751	"  ... maybe a transitory process"
Found HIDDEN PID: 1757	"  ... maybe a transitory process"
Found HIDDEN PID: 1939	"  ... maybe a transitory process"
Found HIDDEN PID: 1970	"  ... maybe a transitory process"
Found HIDDEN PID: 1993	"  ... maybe a transitory process"
Found HIDDEN PID: 17567	"  ... maybe a transitory process"
Found HIDDEN PID: 17569	"  ... maybe a transitory process"
Found HIDDEN PID: 17581	"  ... maybe a transitory process"
Found HIDDEN PID: 17718	"  ... maybe a transitory process"
Found HIDDEN PID: 17733	"  ... maybe a transitory process"
Found HIDDEN PID: 17739	"  ... maybe a transitory process"
Found HIDDEN PID: 17744	"  ... maybe a transitory process"
Found HIDDEN PID: 18287	"  ... maybe a transitory process"
Found HIDDEN PID: 18301	"  ... maybe a transitory process"
Found HIDDEN PID: 18307	"  ... maybe a transitory process"
Found HIDDEN PID: 18313	"  ... maybe a transitory process"

Checked these with my script, and they were indeed transitory.
I ran unhide several times, and so far the "intermittent activity" warning hasn't come back.
Last edited by unSpawn; 12-15-2011 at 12:59 PM. Reason: //Add BB code tags
 
Old 12-15-2011, 01:00 PM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 21,610
Blog Entries: 47

Rep: Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413Reputation: 1413
Quote:
Originally Posted by nokangaroo View Post
I ran unhide several times, and so far the "intermittent activity" warning hasn't come back.
Excellent. Thanks for posting feedback.
 
Old 02-17-2012, 10:09 PM   #9
YJesus
LQ Newbie
 
Registered: Feb 2012
Posts: 1

Rep: Reputation: Disabled
try with -r
There are a extrange bug in some kernels that gives false positives in sysinfo test, you can try with -r flag and probably the one extra process disappear
 
  


Reply

Tags
security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
"No activity or connectivity with Broadcom BCM4318 card" budfan38 Linux - Laptop and Netbook 3 03-01-2011 10:44 AM
plasma "desktop activity" never-never land..... unclejed613 Slackware 8 12-07-2010 05:38 AM
Intermittent "No network connection" patengent Linux - Networking 3 12-01-2010 04:46 PM
LKM Trojan and "suspicious activity" in /tmp/firstbootX.log, says Rootkit Hunter moxieman99 Linux - Security 2 04-05-2009 11:49 AM
Intermittent "Server Not Found" Problem beartooth91 Slackware 12 09-20-2007 10:42 PM


All times are GMT -5. The time now is 04:47 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration