Using unhide with rkhunter

Unhide is a program that detects hidden processes on your system. It is a good complement to rkhunter (a rootkit scanner for Linux and Unix), and rkhunter will make use of unhide if it is installed on your system. Here is a short tutorial on how to set it up. I assume you already have rkhunter installed and configured, and are familiar with its use.

1. Download unhide and unpack it in a temporary directory.

2. If you are using Linux with a 2.6 kernel, create the executable by running the command:
gcc -Wall -o unhide unhide-linux26.c

3. If you are running any other kernel, run this command:
gcc -Wall -o unhide unhide.c

4. Copy the executable to a place where rkhunter can find it:
cp unhide /usr/local/bin/

5. Rerun rkhunter --propupd so that the newly installed unhide binary is recorded in rkhunter's file properties database and does not trigger a warning.

6. That's it! The next time you run rkhunter, it will discover and make use of unhide.
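
Steps 2 to 5 as one script, as an added example that is not part of the original tutorial. The function names and the source directory in the usage comment are hypothetical, and it uses install instead of cp so that the owner and mode of the binary are set explicitly before rkhunter records them.

```shell
#!/bin/sh
# Added example: build, install and baseline unhide for rkhunter.
# Function names are hypothetical; the file names come from the tutorial.

# Return the source file the tutorial names for a given kernel release
# string (the output of `uname -r`).
unhide_source_for() {
    case "$1" in
        2.6|2.6.*) echo "unhide-linux26.c" ;;   # step 2: Linux 2.6 kernels
        *)         echo "unhide.c" ;;           # step 3: any other kernel
    esac
}

# Build unhide in the directory where it was unpacked, install it where
# rkhunter can find it, then refresh rkhunter's file properties database.
install_unhide() {
    srcdir="$1"
    src=$(unhide_source_for "$(uname -r)")

    # Stop early if the expected source file is not in the unpack directory.
    [ -f "$srcdir/$src" ] || { echo "missing $srcdir/$src" >&2; return 1; }

    ( cd "$srcdir" && gcc -Wall -o unhide "$src" ) || return 1

    # Assumption: install replaces the tutorial's cp so the binary ends up
    # root-owned and not writable by group or others.
    install -o root -g root -m 0755 "$srcdir/unhide" /usr/local/bin/unhide \
        || return 1

    # --propupd re-baselines every file rkhunter monitors, so run it only
    # on a system whose current state you trust.
    rkhunter --propupd
}

# Usage, as root (the directory is a constructed example):
#   install_unhide /tmp/unhide-src
```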