wok-current rev 25380

updated unhide (20130526 -> 20210124)
author Hans-Günter Theisgen
date Sat Jul 30 16:42:50 2022 +0100 (2022-07-30)
parents 348478407936
children c073aabaa2ad
files unhide/description.txt unhide/receipt
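--- /dev/null
+++ b/unhide/description.txt
@@ -0,0 +1,17 @@
+Unhide is a forensic tool to find hidden processes and TCP/UDP ports
+by rootkits, LKMs or by another hiding technique.
+
+Detecting hidden processes. Implements six main techniques
+
+1- Compare /proc vs /bin/ps output
+2- Compare info gathered from /bin/ps with info gathered by walking
+   through the procfs.
+3- Compare info gathered from /bin/ps with info gathered from
+   syscalls (syscall scanning).
+4- Full PIDs space occupation (PIDs bruteforcing).
+5- Compare /bin/ps output vs /proc, procfs walking and syscall.
+   Reverse search, verify that all threads seen by ps are also seen
+   in the kernel.
+6- Quick compare /proc, procfs walking and syscall vs /bin/ps output.
+   It's about 20 times faster than tests 1, 2 and 3 but maybe give
+   more false positives.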
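--- a/unhide/receipt
+++ b/unhide/receipt
@@ -1,17 +1,18 @@
 # SliTaz package receipt.
 
 PACKAGE="unhide"
-VERSION="20130526"
+VERSION="20210124"
 CATEGORY="security"
 SHORT_DESC="Forensic tool to find hidden processes and TCP/UDP ports."
 MAINTAINER="pascal.bellard@slitaz.org"
 LICENSE="GPL3"
 WEB_SITE="https://www.unhide-forensics.info/?Linux"
 
-TARBALL="$PACKAGE-$VERSION.tgz"
+SOURCE="Unhide"
+TARBALL="$SOURCE-$VERSION.tar.gz"
 WGET_URL="$SF_MIRROR/$PACKAGE/$TARBALL"
 
-DEPENDS=""
+DEPENDS="iproute2 procps"
 BUILD_DEPENDS=""
 
 # What is the latest version available today?
@@ -28,6 +29,9 @@
 	$CC -pthread unhide-linux*.c unhide-output.c -o unhide
 	$CC unhide_rb.c -o unhide_rb
 	$CC unhide-tcp.c unhide-tcp-fast.c unhide-output.c -o unhide-tcp
+
+	mkdir -p	$install/usr/share
+	cp -a man	$install/usr/share
 }
 
 # Rules to gen a SliTaz package suitable for Tazpkg.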
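Review bot: The install step added at the end of the second hunk copies the source tree's `man` directory with `cp -a`, which preserves whatever ownership, modes and timestamps the extracted tarball carried, so the packaged manpages may inherit the upstream uid rather than a predictable owner. Since the goal is only to ship the pages, `cp -r man $install/usr/share` (or install(1) per file) gives the package deterministic metadata, and the resulting tree is easier to audit. The two added lines also separate command from argument with a tab, which differs from the single-space style of the surrounding `$CC` lines; a space would match. In the first hunk the new `DEPENDS="iproute2 procps"` would benefit from a short comment on why they are runtime dependencies, e.g. `# unhide compares /proc against /bin/ps output (procps); iproute2 presumably for unhide-tcp`, hedged since the page only grounds the ps dependency. compile_rules, the function the install lines belong to, starts outside the hunk.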