unhide for Debian
-----------------

These utilities are meant to be run as root, otherwise, they will miss certain things or
report false positives.


False positives 
----------------

Grsecurity kernels seem to reserver PIDs 300 to 499.  They will be reported when using
unhide's brute-forcing method.

Some applications can start listening on a port between the time that unhide gets the
list of open ports in /bin/netstat and the time when it brute-forces ports.  Run it a few
times to make sure that it's not a permanent port.

Non-Linux 2.6 kernels
----------------------

If you want to run unhide on a kernel other than Linux 2.6, make the unhide-posix program
the default:

   update-alternatives --config unhide

 -- Francois Marier <francois@debian.org>  Thu, 06 Dec 2007 16:59:30 +1300