How To Install unhide on Debian 12

Learn how to install unhide on Debian 12 with this tutorial. unhide is a forensic tool to find hidden processes and ports.

Introduction

In this tutorial we learn how to install unhide on Debian 12.

What is unhide

unhide is:

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits, Linux kernel modules or by other techniques. It includes two utilities: unhide and unhide-tcp.

unhide detects hidden processes using the following six techniques:

  • Compare /proc vs /bin/ps output
  • Compare info gathered from /bin/ps with info gathered by walking through the procfs.
  • Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
  • Full PIDs space occupation (PIDs bruteforcing)
  • Reverse search, verify that all threads seen by ps are also seen by the kernel (/bin/ps output vs /proc, procfs walking and syscall)
  • Quick compare /proc, procfs walking and syscall vs /bin/ps output

unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.

This package can be used by rkhunter in its daily scans.

This package is useful for network security checks, in addition to forensics investigations.
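
The comparison idea behind the techniques listed above (listing /proc, asking ps, and probing every PID with a syscall) can be shown in a short script. This is an added example, not unhide's own code: the function names, the `ps -e -o pid=` invocation, the use of kill(pid, 0) as the only syscall probe and the 32768 PID ceiling are assumptions of the example.

```python
import os
import subprocess

def pids_listed_in_proc(proc="/proc"):
    """View 1: numeric entries returned by listing /proc (readdir)."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}

def pids_from_ps():
    """View 2: what ps reports (procps options; an assumption of this example)."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def pid_answers_syscall(pid):
    """View 3: ask the kernel directly; signal 0 only checks existence."""
    try:
        os.kill(pid, 0)
    except OSError as exc:
        return isinstance(exc, PermissionError)  # EPERM: exists, other owner
    return True

def is_thread(pid, proc="/proc"):
    """Non-leader threads answer kill() but are not listed in /proc."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            tgid = next(ln for ln in fh if ln.startswith("Tgid:")).split()[1]
        return int(tgid) != pid
    except (OSError, StopIteration):
        return False  # unreadable: keep the PID as a candidate

def compare_views(listed, ps_seen, probed):
    """PIDs that one view acknowledges and another omits."""
    return {"proc_not_ps": sorted(listed - ps_seen),
            "syscall_not_proc": sorted(probed - listed),
            "syscall_not_ps": sorted(probed - ps_seen)}

def snapshot(max_pid):
    listed, ps_seen = pids_listed_in_proc(), pids_from_ps()
    probed = {p for p in range(1, max_pid + 1)
              if pid_answers_syscall(p) and not is_thread(p)}
    return compare_views(listed, ps_seen, probed)

def scan(max_pid=32768):
    """Report only PIDs that disagree in two snapshots (drops fork/exit races)."""
    first, second = snapshot(max_pid), snapshot(max_pid)
    return {k: sorted(set(first[k]) & set(second[k])) for k in first}

if __name__ == "__main__":
    print(scan())
```

Run it as root and pass the value from /proc/sys/kernel/pid_max as max_pid to cover the whole PID space; as an unprivileged user, a /proc mounted with the hidepid option makes ordinary processes of other users show up as discrepancies.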

There are three methods to install unhide on Debian 12. We can use apt-get, apt and aptitude. In the following sections we will describe each method. You can choose one of them.

Install unhide Using apt-get

Update apt database with apt-get using the following command.

sudo apt-get update

After updating the apt database, we can install unhide using apt-get by running the following command:

sudo apt-get -y install unhide

Install unhide Using apt

Update apt database with apt using the following command.

sudo apt update

After updating the apt database, we can install unhide using apt by running the following command:

sudo apt -y install unhide

Install unhide Using aptitude

If you want to follow this method, you might need to install aptitude first since aptitude is usually not installed by default on Debian. Update apt database with aptitude using the following command.

sudo aptitude update

After updating the apt database, we can install unhide using aptitude by running the following command:

sudo aptitude -y install unhide

How To Uninstall unhide on Debian 12

To uninstall only the unhide package we can use the following command:

sudo apt-get remove unhide

Uninstall unhide And Its Dependencies

To uninstall unhide and its dependencies that are no longer needed by Debian 12, we can use the command below:

sudo apt-get -y autoremove unhide

Remove unhide Configurations and Data

To remove unhide configuration and data from Debian 12 we can use the following command:

sudo apt-get -y purge unhide

Remove unhide configuration, data, and all of its dependencies

We can use the following command to remove unhide configurations, data and all of its dependencies:

sudo apt-get -y autoremove --purge unhide

Dependencies

unhide has the following dependencies:

Summary

In this tutorial we learn how to install the unhide package on Debian 12 using different package management tools: apt, apt-get and aptitude.