auditd and hidden ports

2017-12-18 Thread Yectli Huerta
Hi, unhide reports that there are ports that are not being seen by ss. I also used lsof and netstat and they don't show up.

[~] % sudo unhide-tcp
Unhide-tcp 20130526
Copyright © 2013 Yago Jesus & Patrick Gouin
License GPLv3+ : GNU GPL version 3 or later
http://www.unhide-forensics.info
Used opt

Re: auditd and hidden ports

2017-12-19 Thread Yectli Huerta
On 12/18/17, Steve Grubb wrote:
> Hello,
> ..
>
> If you got rooted, then you may not be able to trust anything. Typically they hide
> processes seen by ps and files seen by ls. It might be that they use an unknown
> syscall number or it's in the kernel itself. I also don't know if they

Re: auditd and hidden ports

2017-12-20 Thread Yectli Huerta
A coworker suggested I change max_log_file_action to KEEP_LOGS instead of ROTATE in /etc/audit/auditd.conf. This did the trick. auditd was generating too many logs and activating log rotation. I ran a test after the change and the lower ports that did not show up previously showed up in the logs
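A check for the retention setting the thread settles on, added here as an example and not part of the thread: it reads max_log_file_action, num_logs and max_log_file from auditd.conf and flags ROTATE, which overwrites the oldest file once num_logs is reached, so events from a busy period can be gone before anyone searches for them. The stock path /etc/audit/auditd.conf and the sample config are assumptions.

```shell
#!/bin/sh
# Example check for the auditd log-retention setting (not from the thread).
# ROTATE keeps only num_logs files of max_log_file MB and silently overwrites
# the oldest; KEEP_LOGS rotates the same way but never deletes old logs.

# Print the effective value of a key in auditd.conf: comments stripped,
# whitespace around '=' tolerated, last assignment wins, empty if absent.
audit_conf_get() {
    key="$1"; conf="$2"
    sed -n -e 's/#.*//' \
        -e "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" \
        "$conf" | tail -n 1
}

# Return 0 when retention is safe (KEEP_LOGS), 1 when ROTATE may discard
# evidence, 2 when the value is missing, unknown or the file is unreadable.
audit_retention_check() {
    conf="${1:-/etc/audit/auditd.conf}"   # assumed default location
    [ -r "$conf" ] || { echo "UNKNOWN: cannot read $conf"; return 2; }
    action=$(audit_conf_get max_log_file_action "$conf" | tr '[:lower:]' '[:upper:]')
    num_logs=$(audit_conf_get num_logs "$conf")
    size_mb=$(audit_conf_get max_log_file "$conf")
    case "$action" in
        KEEP_LOGS)
            echo "OK: max_log_file_action=KEEP_LOGS (rotated logs are kept)"
            return 0 ;;
        ROTATE)
            echo "RISK: max_log_file_action=ROTATE keeps only ${num_logs:-?} files" \
                 "of ${size_mb:-?} MB; older audit events are overwritten"
            return 1 ;;
        *)
            echo "UNKNOWN: max_log_file_action='${action}'"
            return 2 ;;
    esac
}

# Demo on a constructed config mirroring the setting the thread started with.
demo=$(mktemp)
printf 'max_log_file = 8\nnum_logs = 5\nmax_log_file_action = ROTATE\n' > "$demo"
audit_retention_check "$demo" || true
rm -f "$demo"
```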